mcp-stripe

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): Skill references https://mcp.stripe.com/ for server connectivity. As Stripe is an established and trusted organization, this external reference is considered low risk.
  • [COMMAND_EXECUTION] (LOW): Provides instructions for adding the MCP server using the claude mcp add command as part of the initial setup.
  • [PROMPT_INJECTION] (LOW): Susceptible to indirect prompt injection (Category 8) when processing external data. Evidence:
      1. Ingestion points: Data entering via search_stripe_documentation and search_stripe_resources tools.
      2. Boundary markers: Absent from the prompt instructions.
      3. Capability inventory: Includes high-impact write operations such as create_refund and cancel_subscription.
      4. Sanitization: Implements a manual confirmation flow for high-risk actions which serves as a human-in-the-loop mitigation.
  • [NO_CODE] (SAFE): No executable script files (e.g., .py, .js) were included in the skill, reducing the direct attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM