stripe-revenue
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation aligns with its stated purpose of providing Stripe financial metrics without any unauthorized or suspicious behavior.
- [EXTERNAL_DOWNLOADS]: Fetches data from the official Stripe API (api.stripe.com). Stripe is a well-known and trusted service provider.
- [DATA_EXFILTRATION]: Accesses the Stripe API key from the local configuration path ~/.config/stripe/config.json. This is standard practice for CLI-based tools to maintain authentication and is necessary for the skill's functionality.
- [PROMPT_INJECTION]: Indirect prompt injection risk is present as the skill processes data from external API responses.
- Ingestion points: API response data is processed in scripts/stripe_revenue.py via the _api_get function.
- Boundary markers: The script uses JSON parsing to handle responses and explicitly extracts desired fields.
- Capability inventory: The skill has the capability to perform network requests and execute Python scripts.
- Sanitization: The script extracts and formats specific data fields (e.g., currency amounts, status strings) from the JSON response rather than processing raw strings as instructions.
Audit Metadata