stripe-link-cli
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill facilitates the retrieval of unmasked financial credentials, including full credit card numbers and security codes (CVV).
- [CREDENTIALS_UNSAFE]: Instructions suggest storing raw payment data in local files on the system, which creates a high-risk exposure point for sensitive PCI data.
- [CREDENTIALS_UNSAFE]: Authentication secrets are saved to local files, which could be accessed by unauthorized processes or users.
- [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, which involves passing and processing sensitive financial secrets through the command line environment.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @stripe/link-cli package from the NPM registry.
- [DATA_EXFILTRATION]: The skill provides mechanisms to send payment-related tokens and credentials to external merchant URLs.
- [PROMPT_INJECTION]: The skill ingests untrusted merchant URLs and names via CLI flags in SKILL.md without using boundary markers. Its capability inventory includes file writes and network operations, and no sanitization of interpolated strings is observed.
Recommendations
- AI detected serious security threats
Audit Metadata