stripe-one-time-payment
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The instructions prompt the user to clone a repository from 'https://github.com/Eng0AI/stripe-one-time-payment.git'. This source is neither verified nor on the trusted list, so cloning it risks downloading malicious code.
- REMOTE_CODE_EXECUTION (HIGH): The skill requires running 'npm install' and 'npm start' on the cloned code. 'npm install' can trigger arbitrary scripts, and 'npm start' executes the downloaded server logic, so untrusted remote code runs on the user's machine.
- CREDENTIALS_UNSAFE (MEDIUM): The setup and deployment steps handle 'STRIPE_SECRET_KEY' and 'VERCEL_TOKEN' through shell commands and environment variables. If the cloned code is malicious, it could easily exfiltrate these secrets once the user provides them.
Recommendations
- AI detected serious security threats
Audit Metadata