stripe-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple sources to drive code generation.
- Ingestion points: Reads from a local
stripe-designfile and processes external search results from Gemini regarding Stripe SDK patterns. - Boundary markers: Absent. The instructions do not provide delimiters or warnings to the LLM (Codex) to ignore instructions embedded within the design document.
- Capability inventory: The skill uses
codex execto generate and write code to the filesystem, and executespnpmfor typechecking and testing. - Sanitization: Absent. There is no logic to validate or sanitize the content of the design document before passing it to the code generator.
- [Command Execution] (LOW): The skill utilizes a dynamic execution pattern via the
codex exec --full-autocommand. While this is the primary purpose of the skill, executing a tool that autonomously generates and integrates code based on untrusted inputs increases the risk of deploying malicious logic if the input sources are compromised.
Audit Metadata