stripe
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily consists of documentation (references) and utility scripts for managing Stripe payments and subscriptions.
- [SAFE]: All Python scripts (setup_products.py, simulate_subscription.py, sync_subscriptions.py, etc.) use the official Stripe SDK and standard Python libraries (os, sys, json, flask). They do not perform unauthorized network operations or access sensitive local files beyond the specified environment variables.
- [SAFE]: Security is a core focus of the documentation. Multiple files (webhooks-production.md, SKILL.md, typescript-nextjs.md) emphasize the critical importance of webhook signature verification to prevent spoofing.
- [SAFE]: The skill correctly recommends managing secrets via environment variables (STRIPE_SECRET_KEY) and Restricted API Keys (RAKs) to limit the blast radius of credentials, which is an industry standard for secure agentic workflows.
- [SAFE]: No obfuscation, prompt injection attempts, or persistence mechanisms were identified across the 25 files analyzed.
Audit Metadata