stripe
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- Remote Code Execution (CRITICAL): The skill instructs users to install software using
curl -sSL https://canifi.com/skills/stripe/install.sh | bash. Piped remote execution from an untrusted domain allows for full system compromise as the script can execute arbitrary commands with the user's privileges without prior inspection. - External Downloads (HIGH): The installation process fetches scripts from
canifi.com, which is not a verified or trusted source. There are no integrity checks (e.g., checksums or signatures) to ensure the scripts have not been tampered with. - Credentials Unsafe (HIGH): The skill prompts users to store
SERVICE_EMAILandSERVICE_PASSWORDin environment variables viacanifi-env. These sensitive credentials, while stated to be "local," are readily accessible to the agent or any other script running in the same environment, creating a high risk of credential theft. - Indirect Prompt Injection (LOW): The skill ingests untrusted data from the Stripe dashboard (e.g., transaction notes, customer names).
- Ingestion points: Stripe Dashboard (
dashboard.stripe.com) via Playwright MCP. - Boundary markers: Absent; the skill does not define delimiters for external data.
- Capability inventory: Shell execution (
bash) and browser automation (Playwright). - Sanitization: Absent; there is no mention of filtering or escaping data read from the dashboard before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/stripe/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata