pp-stripe

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the stripe-pp-cli binary and an MCP server using npx (package @mvanhorn/printing-press) and go install from the author's GitHub repository (github.com/mvanhorn/printing-press-library).- [COMMAND_EXECUTION]: The skill functions by instructing the agent to execute the stripe-pp-cli binary to perform various Stripe operations and query local data.- [DATA_EXFILTRATION]: The stripe-pp-cli tool includes a --deliver webhook:<url> flag that enables sending command outputs—containing potentially sensitive Stripe resource data—to an external URL.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from the Stripe API and executes commands based on user-supplied inputs and SQL queries.
  • Ingestion points: Stripe API resources (metadata, customer details) and user-provided SQL query strings.
  • Boundary markers: Absent; no specific instructions are provided to the agent to delimit or ignore embedded instructions in the processed data.
  • Capability inventory: Shell command execution of the stripe-pp-cli tool via the Bash tool.
  • Sanitization: Absent; the skill does not specify procedures for validating or escaping Stripe data or SQL inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:30 PM
Security Audit — agent-trust-hub — pp-stripe