skills/vm0-ai/vm0-skills/stripe/Gen Agent Trust Hub

stripe

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the official Stripe API (api.stripe.com). These commands are necessary for managing customers, products, and subscriptions. It also involves writing temporary request data to /tmp/stripe_request.txt to handle form-encoded POST bodies.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes data from external API responses.
      • Ingestion points: API responses from api.stripe.com as documented in SKILL.md.
      • Boundary markers: Absent. There are no delimiters or specific instructions for the agent to disregard potential instructions within the retrieved data.
      • Capability inventory: The skill utilizes curl for network requests and jq for data processing.
      • Sanitization: None. While jq is used to filter fields, the content itself is not sanitized for potential injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 05:13 PM