stripe-one-time-payment

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to clone a repository from https://github.com/Eng0AI/stripe-one-time-payment.git. This repository belongs to an unverified third-party account not included in the trusted organizations list.
  • REMOTE_CODE_EXECUTION (HIGH): After cloning the untrusted repository, the instructions command the agent to run npm install and npm start. These commands execute scripts and application logic from the unverified source on the local system.
  • COMMAND_EXECUTION (MEDIUM): The setup guide involves executing a sequence of shell commands including git clone, directory manipulation (mv, rm), and deployment commands (vercel env add, vercel --prod).
  • CREDENTIALS_UNSAFE (MEDIUM): The skill requires the user to provide STRIPE_SECRET_KEY and STRIPE_PUBLISHABLE_KEY. While functional for a payment skill, inputting these secrets into an environment where unverified third-party code is executed presents a significant exposure risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 02:25 PM