laravel-billing

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard implementation templates for Laravel Cashier (Stripe and Paddle integrations). The code follows established Laravel patterns and security practices for billing systems.
  • [SAFE]: Security best practices are emphasized throughout the documentation, including the use of webhooks instead of client-side confirmations, handling grace periods, and verifying webhook signatures to prevent spoofing.
  • [SAFE]: Sensitive configuration data, such as API keys and price identifiers, are managed through environment variables (env()) and Laravel's configuration system, avoiding hardcoded secrets.
  • [SAFE]: Webhook routes are correctly handled with instructions to exclude them from CSRF protection while maintaining security through signature verification handled by the official Cashier package.
  • [SAFE]: Invoice downloads are secured using Laravel's signed URL features (middleware('signed')), ensuring that only authorized users or recipients of the specific link can access the documents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:28 AM
Security Audit — agent-trust-hub — laravel-billing