skills/josiahsiegel/claude-plugin-marketplace/stripe-list-pagination-previous-attributes/Gen Agent Trust Hub
stripe-list-pagination-previous-attributes
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to bypass safety guidelines, override system prompts, or extract internal instructions.
- [DATA_EXFILTRATION]: The skill does not contain hardcoded credentials, API keys, or logic that attempts to exfiltrate data to unauthorized external endpoints. It uses the Stripe SDK for standard API interactions.
- [REMOTE_CODE_EXECUTION]: There is no evidence of remote script execution, dynamic code generation, or the use of unsafe execution functions like eval or exec.
- [COMMAND_EXECUTION]: No shell commands, subprocess spawning, or dynamic context injection patterns (such as !commands) are present.
- [EXTERNAL_DOWNLOADS]: The skill does not download external dependencies or scripts at runtime. It references the standard Stripe Node.js library.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (Stripe invoices and events) which constitutes a data ingestion surface. However, the logic is confined to deterministic data mapping and pagination, with no capabilities that would allow ingested data to influence agent control flow or execute arbitrary commands.
- [OBFUSCATION]: No obfuscated strings, hidden Unicode characters, or multi-layer encoding techniques were detected in the instructions or code snippets.
Audit Metadata