stripe-treasury
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official JavaScript SDKs from Stripe's trusted domains (js.stripe.com and crypto-js.stripe.com) to power the crypto onramp widget. These are well-known, safe sources provided by the service vendor.
- [COMMAND_EXECUTION]: The instructions include code examples for interacting with the Stripe API to manage financial accounts, initiate money movement, and issue cards. These actions are documented with appropriate authorization and error-handling patterns.
- [PROMPT_INJECTION]: The instructional content is well-structured and focuses purely on technical implementation. No malicious overrides, safety bypasses, or instructions to ignore system prompts were detected.
- [DATA_EXFILTRATION]: While the skill involves handling sensitive financial information (routing numbers, account numbers, CVCs), it includes explicit security rules such as 'issuing-retrieve-card-securely.md' which forbids logging or insecure storage of card details, ensuring alignment with PCI security standards.
- [INDIRECT_PROMPT_INJECTION]: The skill manages data from external API responses and webhooks.
  - Ingestion points: Untrusted data enters via webhook payloads like issuing_authorization.request and treasury.received_credit.created.
  - Boundary markers: The skill relies on structured JSON communication and does not specify separate NL delimiters, though the context is programmatically constrained.
  - Capability inventory: The agent can initiate transfers (outboundPayments.create) and create cards based on these inputs.
  - Sanitization: The skill provides robust sanitization logic, such as wallet address validation in rules/crypto-validate-wallet-address.md and cash balance checks before operations.
Audit Metadata