stripe-projects-cli

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is centered around executing the stripe projects CLI to perform operations such as resource provisioning (add), credential rotation (rotate), and environment management.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for managing sensitive data, specifically via the stripe projects env --pull command which writes project secrets to local .env files. It also outlines a deployment process requiring the transfer of these .env files and .projects/state.json metadata to remote hosts.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions that deploying projects may require users to download and install additional third-party command-line tools for specific compute or hosting providers.
  • [AUTONOMY_CONCEALMENT]: The skill contains instructions directing the agent to avoid manually inspecting .env or .projects/ directory contents, deferring entirely to the CLI's management. While this limits visibility, it aligns with best practices for interacting with CLI-managed state files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 11:35 AM
Security Audit — agent-trust-hub — stripe-projects-cli