laravel-billing
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard implementation templates for Laravel Cashier (Stripe and Paddle integrations). The code follows established Laravel patterns and security practices for billing systems.
- [SAFE]: Security best practices are emphasized throughout the documentation, including the use of webhooks instead of client-side confirmations, handling grace periods, and verifying webhook signatures to prevent spoofing.
- [SAFE]: Sensitive configuration data, such as API keys and price identifiers, are managed through environment variables (
env()) and Laravel's configuration system, avoiding hardcoded secrets. - [SAFE]: Webhook routes are correctly handled with instructions to exclude them from CSRF protection while maintaining security through signature verification handled by the official Cashier package.
- [SAFE]: Invoice downloads are secured using Laravel's signed URL features (
middleware('signed')), ensuring that only authorized users or recipients of the specific link can access the documents.
Audit Metadata