payment-integration
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly adheres to security best practices for handling payments. It explicitly instructs developers never to handle raw card data and relies on Stripe Elements and Checkout to maintain the simplest PCI compliance level (SAQ-A). Its webhook integration patterns include mandatory signature verification using the Stripe SDK and webhook secrets to prevent request spoofing. It also implements a robust idempotency check by recording and verifying Stripe event IDs in the database, which prevents duplicate transaction processing. All sensitive credentials, such as API keys and webhook secrets, are managed through environment variables rather than hardcoded values.
Audit Metadata