The Agent Skills Directory

Official Tooling and Dependencies: The skill utilizes the @stripe/link-cli package and npx to manage payment operations. These are official resources provided by the vendor for secure interactions with the Link platform.
Sensitive Financial Data Handling: The skill processes payment credentials, including card details and one-time tokens. It includes explicit instructions for the agent to treat this information with care, apply masking when displaying to users, and only use it within secure checkout flows.
User-Centric Approval Workflow: A core security feature is the requirement for users to manually approve spend requests and logins via the Link app or a verification URL. This provides a critical layer of human oversight for all financial transactions.
Indirect Prompt Injection Surface: The skill processes untrusted data from external merchant sites. (1) Ingestion points: Merchant page content and raw WWW-Authenticate headers are analyzed by the agent. (2) Boundary markers: The agent is instructed to use single quotes or structured JSON strings when passing this data to the CLI to prevent parsing issues. (3) Capability inventory: The skill utilizes the link-cli tool for payment processing and npm/npx for environment setup. (4) Sanitization: The skill relies on the link-cli mpp decode tool to validate and parse external challenge payloads rather than performing manual decoding by the agent.
Command Execution Considerations: The agent executes shell commands where external data is interpolated as arguments. The instructions guide the agent to use structured JSON input and proper quoting to facilitate safe command execution.

create-payment-credential