stripe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security risks were identified in the skill content. All provided code snippets follow industry-standard security practices for payment processing.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly uses environment variables (e.g., `process.env.STRIPE_SECRET_KEY`) and explicitly warns against exposing secret keys on the client side. No hardcoded credentials were found.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official and widely-used Stripe libraries (`stripe`, `@stripe/stripe-js`) which are considered trusted sources.
- [DATA_EXFILTRATION] (SAFE): Network operations are confined to official Stripe API interactions. No patterns of unauthorized data collection or exfiltration were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill involves processing untrusted data from webhooks and client requests, it implements proper signature verification (`stripe.webhooks.constructEvent`) to ensure data integrity and authenticity.