stripe
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official and well-known Stripe packages (stripe and @stripe/stripe-js) for handling payment operations.\n- [SAFE]: Webhook implementation includes mandatory signature verification using the Stripe SDK (stripe.webhooks.constructEvent) to prevent spoofing and ensure data integrity.\n- [SAFE]: Secret management is handled correctly through the use of environment variable placeholders for API keys and webhook secrets, preventing credential exposure.\n- [SAFE]: The skill provides explicit security advice in the 'Common Mistakes' section, such as avoiding reliance on client-side amounts and implementing proper error handling.
Audit Metadata