Stripe Connect Account Provisioner

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the official Stripe Node.js SDK and provides installation commands via npx and clawhub. These references target a well-known service (Stripe) and the author's own infrastructure (agentskillexchange), which is consistent with standard installation practices.
  • [PROMPT_INJECTION]: The skill is designed to process account.updated webhook events, which introduces an indirect prompt injection surface where external data from Stripe enters the agent context.
    • Ingestion points: Stripe webhook payloads for account.updated events as described in SKILL.md.
    • Boundary markers: No specific boundary markers or instructions to disregard embedded instructions within the webhook data are documented.
    • Capability inventory: The skill performs account creation and KYC link generation using stripe.accountLinks.create() and monitors account status.
    • Sanitization: The documentation does not describe any sanitization or validation logic for the ingested webhook data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 04:34 AM