stripe-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- CREDENTIALS_MANAGEMENT (SAFE): The implementation patterns correctly demonstrate the use of server-side environment variables (`process.env.STRIPE_SECRET_KEY`) and include explicit warnings against exposing secrets to client-side code.
- WEBHOOK_SECURITY (SAFE): The skill provides clear instructions and code samples for verifying Stripe webhook signatures using the `stripe.webhooks.constructEvent` method, which is a critical defense against request spoofing.
- DATA_INTEGRITY (SAFE): Implementation patterns include the mandatory use of `idempotency_key` for mutations (sessions/intents), following best practices for resilient payment systems and preventing accidental double-billing.
- COMPLIANCE_AWARENESS (SAFE): The documentation explicitly advises against storing raw card data on local servers, reinforcing PCI-DSS compliance requirements and recommending Stripe-hosted UI (Checkout) to minimize attack surface.
Audit Metadata