stripe-payments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the markdown or code comments.
- [Data Exposure & Exfiltration] (SAFE): The API keys and webhook secrets provided (sk_test_..., pk_test_..., whsec_...) are standard Stripe test-mode placeholders. Use of public Stripe test credit card numbers is standard for development and does not constitute a data leak. No unauthorized network operations or sensitive local file access were detected.
- [Unverifiable Dependencies] (SAFE): The code references the official stripe library, which is a trusted industry-standard dependency. No suspicious remote script execution or unverifiable package installations were found.
- [Indirect Prompt Injection] (SAFE): The skill possesses an ingestion surface via webhook processing, but correctly demonstrates mitigation.
  1. Ingestion points: request.data in webhook endpoint.
  2. Boundary markers: Absent.
  3. Capability inventory: stripe.Refund.create, stripe.Subscription.create, stripe.checkout.Session.create.
  4. Sanitization: Signature verification is implemented using stripe.Webhook.construct_event, which ensures the integrity and authenticity of the incoming data.