extension-stripe
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard e-commerce workflow for Stripe integration. It correctly utilizes authorization checks via 'AccessControl' to restrict sensitive functions, such as setting the Stripe secret key, to administrators only.\n- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Network communication is performed through 'caffeineai-http-outcalls' to interact with Stripe's API as expected for the skill's purpose.\n- [CREDENTIALS_UNSAFE]: The skill handles sensitive Stripe credentials (secretKey) via an admin-restricted configuration mechanism rather than hardcoding them. It follows best practices by instructing users to provide these keys through a secure setup flow.\n- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were found in the instructions or code blocks.\n- [COMMAND_EXECUTION]: No unauthorized shell command execution or privilege escalation attempts were detected.
Audit Metadata