pp-stripe
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the `stripe-pp-cli` binary and an MCP server using `npx` (package `@mvanhorn/printing-press`) and `go install` from the author's GitHub repository (`github.com/mvanhorn/printing-press-library`).
- [COMMAND_EXECUTION]: The skill functions by instructing the agent to execute the `stripe-pp-cli` binary to perform various Stripe operations and query local data.
- [DATA_EXFILTRATION]: The `stripe-pp-cli` tool includes a `--deliver webhook:<url>` flag that enables sending command outputs (containing potentially sensitive Stripe resource data) to an external URL.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from the Stripe API and executes commands based on user-supplied inputs and SQL queries.
  - Ingestion points: Stripe API resources (metadata, customer details) and user-provided SQL query strings.
  - Boundary markers: Absent; no specific instructions are provided to the agent to delimit or ignore embedded instructions in the processed data.
  - Capability inventory: Shell command execution of the `stripe-pp-cli` tool via the `Bash` tool.
  - Sanitization: Absent; the skill does not specify procedures for validating or escaping Stripe data or SQL inputs.
Audit Metadata