stripe-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill interacts with Stripe data (customer names, invoice descriptions, product metadata) which are attacker-controlled if the Stripe account interacts with public users. * Ingestion points: customer names in STRIPE_SEARCH_CUSTOMERS, invoice data in STRIPE_LIST_INVOICES, and product queries. * Boundary markers: Absent; instructions do not advise the agent to ignore instructions embedded in retrieved data. * Capability inventory: Significant financial actions including STRIPE_CREATE_PAYMENT_INTENT and STRIPE_CREATE_REFUND. * Sanitization: None provided.
- [External Downloads] (LOW): The setup requires connecting to an external MCP server (https://rube.app/mcp). While necessary for the skill's function, this source is not listed as a trusted repository or organization.
Audit Metadata