stripe-automation

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires connecting to the Rube MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch tool schemas that directly determine agent instructions, so the external content controls prompts and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Stripe automation toolkit (via Rube MCP) with named actions that create and confirm payment intents, create direct charges, capture charges, create refunds, manage subscriptions and invoices, and create checkout sessions. These are specific payment gateway operations that can move funds or alter billing state, not generic tooling. Therefore it grants direct financial execution capability.