Stripe Payments Connector

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is installed using npx skills add agentskillexchange/skills, which downloads the skill configuration and scripts from the vendor's repository.
  • [COMMAND_EXECUTION]: Installation requires executing shell commands (npx and clawhub) to add the skill to the agent environment.
  • [PROMPT_INJECTION]: The skill processes external data through Stripe webhooks via stripe.webhooks.constructEvent(). This represents an indirect prompt injection surface where data from the Stripe API enters the agent context.
      • Ingestion points: stripe.webhooks.constructEvent() processes incoming webhook payloads from Stripe.
      • Boundary markers: The skill relies on the SDK's internal handling of event objects.
      • Capability inventory: The skill can create PaymentIntents, manage subscriptions, and process refunds via the stripe tool.
      • Sanitization: The use of stripe.webhooks.constructEvent() performs mandatory cryptographic signature verification to ensure the data is authentically from Stripe before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 04:34 AM