Stripe Revenue Reconciliation Agent
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is distributed through the author's repository and installed via the npx package runner.
- [PROMPT_INJECTION]: The skill processes financial transaction data from the Stripe API, which represents an indirect prompt injection surface where maliciously crafted transaction metadata could attempt to influence the agent's behavior.
  - Ingestion points: External data enters the context via Stripe API records for charges, refunds, disputes, and payouts.
  - Boundary markers: The documentation does not specify the use of clear delimiters or instructions to ignore instructions within the transaction data.
  - Capability inventory: The agent has the capability to read sensitive financial data and generate CSV reports.
  - Sanitization: No specific sanitization or validation routines for the ingested Stripe metadata are described.
Audit Metadata