stripe-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves and processes untrusted data from external Stripe records.
- Ingestion points: Data enters the agent's context through tools such as
STRIPE_SEARCH_CUSTOMERS,STRIPE_LIST_INVOICES, andSTRIPE_SEARCH_PRODUCTS, which fetch fields like names, descriptions, and metadata from a Stripe account. - Boundary markers: The instructions do not define any delimiters or safety markers to differentiate between system instructions and data retrieved from Stripe.
- Capability inventory: The agent is granted significant operational capabilities, including the ability to issue refunds (
STRIPE_CREATE_REFUND), create charges (STRIPE_CREATE_PAYMENT_INTENT), and manage subscriptions (STRIPE_UPDATE_SUBSCRIPTION). - Sanitization: There is no evidence of sanitization or validation of the retrieved data before it is used to influence subsequent agent decisions or tool calls.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at
https://rube.app/mcp. This service provides the necessary tool definitions and connectivity to the Stripe API.
Audit Metadata