stripe-connect

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface identified. The skill is designed to ingest data from external Stripe API responses, which could contain attacker-controlled content in fields like customer descriptions or metadata.
    • Ingestion points: Data retrieved via Stripe API calls (e.g., stripe.customers.list, stripe.charges.list) is processed by the agent.
    • Boundary markers: Absent. The skill provides no instructions or delimiters to help the agent distinguish between its own logic and instructions potentially embedded in external data.
    • Capability inventory: The skill is configured with powerful tools including Bash, Write, and Edit, which could be exploited if the agent follows instructions found in untrusted external data.
    • Sanitization: While the code snippets include webhook signature verification, there are no instructions or logic provided for the agent to sanitize or escape strings retrieved from the API before display or further processing.
  • [COMMAND_EXECUTION]: The skill's metadata includes Bash in its allowed-tools list. This gives the agent arbitrary shell execution capabilities, which violates the principle of least privilege given that the skill's stated primary purpose is 'Query, Don't Execute' for financial data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 10:32 PM