stripe-sync-setup
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill provides templates for environment variables (`.env`) and code files (`stripeSync.ts`) that include placeholders for sensitive information like `DATABASE_URL`, `STRIPE_SECRET_KEY`, and `STRIPE_WEBHOOK_SECRET`.
  - Evidence: The documentation explicitly guides users to store a plaintext PostgreSQL connection string containing credentials in a `.env` file.
  - Mitigation: While standard for development, users should be reminded to use secret management services in production environments.
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to install several third-party Node.js packages.
  - Evidence: `npm install stripe-sync-engine stripe pg @types/pg` in `SKILL.md`.
  - Assessment: These are well-known, standard libraries for the described purpose (Stripe integration and PostgreSQL connectivity). No suspicious or unknown packages were detected.
- [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data transmission or exfiltration patterns was found. Network configurations are directed only at official Stripe API endpoints and local/user-provided database strings.