stripe-webhook-idempotency
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides implementation guidelines and code snippets for handling Stripe webhooks securely.
- [SAFE]: It correctly emphasizes the use of signature verification (via stripe.webhooks.constructEventAsync) to ensure incoming requests originate from Stripe, protecting against spoofing attacks.
- [SAFE]: It provides robust patterns for idempotency and event deduplication using database transactions and unique constraints, which prevents race conditions and duplicate processing of payment events.
- [SAFE]: No malicious patterns, prompt injections, obfuscation, or unauthorized data access were identified. The use of environment variables for secrets (env.STRIPE_WEBHOOK_SECRET) follows standard security practices.
Audit Metadata