stripe-best-practices
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides extensive security guidance in references/security.md, covering API key management, Restricted API Keys (RAKs), and incident response. It correctly identifies hardcoding keys as an antipattern and recommends industry-standard secrets management tools like AWS Secrets Manager or HashiCorp Vault.
- [SAFE]: All external references target official Stripe documentation (docs.stripe.com) and support resources (support.stripe.com), which are well-known and trusted services. There are no downloads or executions from untrusted sources.
- [SAFE]: The skill actively guides users away from deprecated or insecure legacy APIs (such as the Charges API and Sources API) and encourages the use of modern, more secure alternatives like Checkout Sessions and PaymentIntents.
- [SAFE]: It includes practical security measures like advising on webhook signature verification to prevent spoofing and using the state parameter in OAuth flows to protect against CSRF attacks.
Audit Metadata