stripe-revenue
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the Stripe API, including metadata, invoice descriptions, and customer names, which serves as a potential surface for indirect prompt injection.
- Ingestion points: Stripe API objects such as
charges,customers, andsubscriptionsingested via webhooks or direct API calls. - Boundary markers: The implementation rules do not explicitly include delimiters or instructions for the agent to disregard embedded natural language commands within these data fields.
- Capability inventory: The skill provides patterns for database updates (
db.query) and network operations (fetch) based on the processed data. - Sanitization: The provided examples use parameterized SQL queries to prevent technical injection, but do not feature specific sanitization for natural language instructions embedded in processed strings.
- [EXTERNAL_DOWNLOADS]: The skill implements patterns for the programmatic retrieval of financial reports from Stripe.
- Evidence: Code in
rules/report-use-api-for-automation.mdandreferences/reporting.mduses thefetchAPI to download report files from URLs generated by the Stripe Report Runs API. - Context: These operations target Stripe's official infrastructure as part of a standard reporting workflow and are documented as intended functionality.
Audit Metadata