Skills
skills/sickn33/antigravity-awesome-skills/stripe-integration/Snyk

stripe-integration

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that hardcode API keys and webhook secrets (e.g., stripe.api_key = "sk_test_...", endpoint_secret = 'whsec_...') and test card numbers, which instructs embedding secret values verbatim and therefore requires the LLM to handle/output secrets directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to perform payment operations via the Stripe API. It includes concrete, executable calls to create Checkout Sessions, PaymentIntents, Subscriptions, Refunds, Customer records, attach payment methods, and webhook handling — all of which directly charge, refund, or manage payment methods and recurring billing. These are specific financial execution capabilities (Stripe payment gateway integration), not generic tooling.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 28, 2026, 03:24 AM