stripe-sync-backfill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found. The skill correctly instructs the user to use environment variables (
STRIPE_SECRET_KEY,DATABASE_URL,STRIPE_WEBHOOK_SECRET) for sensitive configuration. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard npm packages like
stripe-sync-engineandtsx. No suspicious remote scripts or piped bash commands were detected. - [COMMAND_EXECUTION] (SAFE): Includes shell commands for running local scripts (
npm run,date) which are standard and relevant to the skill's stated purpose of data backfilling. - [PROMPT_INJECTION] (SAFE): No attempts to override agent instructions, extract system prompts, or bypass safety filters were detected in the metadata or body content.
- [DATA_EXFILTRATION] (SAFE): While the skill facilitates data movement from Stripe to a local database, it does not contain code to send sensitive data to unauthorized third-party domains.
Audit Metadata