payments
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [Handling of External Services]: The skill facilitates integration with Stripe for payment and subscription processing. This involves routine communication with official Stripe APIs to manage financial transactions and customer sessions.
- [Management of Sensitive Data]: The skill utilizes environment variables for API authentication, such as
STRIPE_SECRET_KEY. The provided code snippets follow security standards by keeping sensitive keys on the server while exposing only publishable keys to the client. - [Use of External Libraries]: The skill recommends installing official Stripe libraries (
stripe,@stripe/stripe-js, and@stripe/react-stripe-js). These are well-established dependencies used to interact securely with the Stripe platform. - [Webhook Security Verification]: The skill provides instructions for handling asynchronous data via webhooks. It explicitly includes signature verification logic, which is an essential security control to ensure that incoming data originates from Stripe and has not been tampered with.
Audit Metadata