stripe-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill handles data from the Stripe API which may contain untrusted strings while providing access to high-impact financial tools. 1. Ingestion points: Stripe API responses (customer and invoice metadata). 2. Boundary markers: No specific delimiters or safety instructions are provided to prevent the agent from acting on instructions within the data. 3. Capability inventory: Includes sensitive operations like STRIPE_CREATE_REFUND, STRIPE_CREATE_PAYMENT_INTENT, and STRIPE_POST_CHARGES. 4. Sanitization: The instructions do not mention sanitizing or validating external data before the agent acts upon it.
- [External Downloads] (LOW): The setup requires the use of a third-party MCP endpoint (https://rube.app/mcp) which is a non-whitelisted dependency.
- [No Code] (SAFE): The skill consists entirely of Markdown documentation and does not include any executable scripts or binary files.
Audit Metadata