checkout-components
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs '@stripe/stripe-js' and '@stripe/react-stripe-js' from the official Stripe organization. Per [TRUST-SCOPE-RULE], these are from a trusted source and the finding is rated as LOW.
- [COMMAND_EXECUTION] (LOW): Local shell scripts are used for project scaffolding and environment setup. These scripts perform routine file operations and include input whitelisting in the case statement to prevent command injection.
- [SAFE] (SAFE): No malicious patterns or vulnerabilities were found. The skill emphasizes security best practices, specifically through its 'validate-components.sh' utility which helps developers avoid accidental leaks of Stripe secret keys.
Audit Metadata