stripe-webhook-idempotency

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides implementation guidelines and code snippets for handling Stripe webhooks securely.
  • [SAFE]: It correctly emphasizes the use of signature verification (via stripe.webhooks.constructEventAsync) to ensure incoming requests originate from Stripe, protecting against spoofing attacks.
  • [SAFE]: It provides robust patterns for idempotency and event deduplication using database transactions and unique constraints, which prevents race conditions and duplicate processing of payment events.
  • [SAFE]: No malicious patterns, prompt injections, obfuscation, or unauthorized data access were identified. The use of environment variables for secrets (env.STRIPE_WEBHOOK_SECRET) follows standard security practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — stripe-webhook-idempotency