Stripe Connect Marketplace Sync
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized access patterns were detected. The skill is a legitimate resource for implementing payment processing via Stripe Connect.
- [EXTERNAL_DOWNLOADS]: The skill references the official 'stripe' Node.js library and Stripe's developer documentation, which are well-known and trusted resources for the intended functionality.
- [COMMAND_EXECUTION]: Installation instructions utilize standard commands for the agentskillexchange ecosystem (e.g., npx skills add, clawhub install), which are consistent with the skill's authorship.
- [PROMPT_INJECTION]: The skill describes processing external data from the Stripe API and webhook notifications, which constitutes a potential ingestion surface for indirect prompt injection. However, the use-case is legitimate and follows standard API integration patterns.
- Ingestion points: Stripe API response objects and marketplace webhook events (SKILL.md).
- Boundary markers: None explicitly mentioned in the documentation.
- Capability inventory: Management of PaymentIntents, fund transfers, and merchant onboarding via the Stripe API.
- Sanitization: Relies on the official stripe-node SDK for data ingestion and API communication.
Audit Metadata