stripe-subscription
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires cloning a repository from an untrusted source (https://github.com/Eng0AI/stripe-subscription.git). This organization is not recognized as a trusted entity, and the code contents are not verified within the skill itself.
- [REMOTE_CODE_EXECUTION] (HIGH): The instructions command the agent to perform 'npm install' and 'npm start' on the cloned codebase. This sequence constitutes 'download then execute' of unverified remote code, which is a high-risk security violation.
- [CREDENTIALS_UNSAFE] (MEDIUM): The deployment and setup workflow explicitly guides users to provide their 'STRIPE_SECRET_KEY' and 'STRIPE_PUBLISHABLE_KEY' to the unverified application environment. This creates a risk where malicious code in the external repository could exfiltrate these sensitive keys.
Recommendations
- AI detected serious security threats
Audit Metadata