stripe-projects-cli
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around executing the
stripe projectsCLI to perform operations such as resource provisioning (add), credential rotation (rotate), and environment management. - [CREDENTIALS_UNSAFE]: The skill provides instructions for managing sensitive data, specifically via the
stripe projects env --pullcommand which writes project secrets to local.envfiles. It also outlines a deployment process requiring the transfer of these.envfiles and.projects/state.jsonmetadata to remote hosts. - [EXTERNAL_DOWNLOADS]: The documentation mentions that deploying projects may require users to download and install additional third-party command-line tools for specific compute or hosting providers.
- [AUTONOMY_CONCEALMENT]: The skill contains instructions directing the agent to avoid manually inspecting
.envor.projects/directory contents, deferring entirely to the CLI's management. While this limits visibility, it aligns with best practices for interacting with CLI-managed state files.
Audit Metadata