stripe-customers
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/stripe_customers.py accesses the sensitive configuration file at ~/.config/stripe/config.json to retrieve the api_key. While this is standard for Stripe's own CLI tools, reading credential files is a security concern in the context of AI agent skills.
- [COMMAND_EXECUTION]: The get command in scripts/stripe_customers.py performs unsafe string concatenation of the customer_id argument into the API URL (f"/customers/{customer_id}"). This lacks proper URL encoding or sanitization, potentially allowing path traversal against the Stripe API endpoint if a malicious ID is supplied.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from the Stripe API.
  - Ingestion points: Customer profiles (names, emails, metadata) and subscription details are fetched from the external Stripe API in scripts/stripe_customers.py.
  - Boundary markers: External data is presented to the agent without any delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill possesses the ability to read local configuration files and perform network operations to the Stripe API.
  - Sanitization: No validation or sanitization of data retrieved from the API is performed before it is output to the agent context.
Audit Metadata