stripe-testing
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run various management and testing commands using the official Stripe CLI, such as `stripe payment_intents retrieve` and `stripe trigger` (SKILL.md).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it uses untrusted user inputs directly in shell commands.
- Ingestion points: User-provided payment intent IDs (`pi_...`), charge IDs (`ch_...`), and event types provided as arguments to CLI commands (SKILL.md).
- Boundary markers: Absent. There are no instructions for the agent to validate the structure of provided IDs or to use delimiters when interpolating them into commands.
- Capability inventory: Execution of shell commands via the Stripe CLI and reading local application logs (SKILL.md).
- Sanitization: Absent. No logic is provided to sanitize or escape shell metacharacters in user-provided inputs before they are executed in the shell.
- [DATA_EXFILTRATION]: The skill requires the agent to search through application logs for Stripe-related keywords. This access presents a risk of exposing sensitive information, such as PII or other credentials, that may be captured in application logs (SKILL.md).
Audit Metadata