pp-stripe
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent or user to install the `stripe-pp-cli` and `stripe-pp-mcp` binaries from the author's GitHub repository and NPM scope using `go install` and `npx`.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing shell commands via the `stripe-pp-cli` binary to interact with the Stripe API and a local SQLite database.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver webhook:<url>` feature that allows the output of any command (which may contain sensitive Stripe account data) to be transmitted to an external HTTP endpoint. It also features a feedback mechanism (`stripe-pp-cli feedback --send`) that can send data to a remote endpoint if configured.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from the Stripe API (e.g., customer names, metadata, invoice descriptions) and store it in a local SQLite mirror. Maliciously crafted data in these external fields could potentially influence the agent's behavior when it reads and processes the command output.
  - Ingestion points: Stripe API endpoints (customers, subscriptions, invoices, events) and a local SQLite database file.
  - Boundary markers: None explicitly defined in the prompt instructions to isolate data from instructions.
  - Capability inventory: The agent has access to the `Read` and `Bash` tools and the `stripe-pp-cli` binary, which can perform network operations and local file access.
  - Sanitization: No explicit sanitization or validation of the ingested Stripe data is described in the skill content.
Audit Metadata