stripe-financial-connections
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the NPM registry to facilitate integration. - [COMMAND_EXECUTION]: The skill heavily utilizes the
membraneCLI to perform operations such asmembrane login,membrane connect, andmembrane action run. This is the intended delivery mechanism for the skill's functionality. - [DATA_EXFILTRATION]: The skill uses
membrane requestto interact with the Stripe Financial Connections API. While this involves network operations, it is limited to the scope of the Stripe integration and uses the vendor's managed proxy to handle credentials securely. - [PROMPT_INJECTION]: The instructions contain guidance for the agent on how to discover and execute actions using the CLI. These are standard operational instructions without any attempts to bypass safety filters or override core agent behavior.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill follows security best practices by explicitly instructing the agent not to handle or ask for raw API keys, instead relying on the CLI's managed connection system.
Audit Metadata