stripe-link-cli
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@stripe/link-clipackage from the official npm registry and references its source code on GitHub. These are well-known services provided by Stripe, a reputable financial technology company. - [COMMAND_EXECUTION]: The skill executes various
link-clishell commands to manage authentication and payment workflows. The instructions specifically guide the agent to use the--output-fileflag when retrieving card details, which ensures that sensitive Primary Account Numbers (PAN) are stored in a restricted-permission file on disk rather than being printed to stdout or entering the agent's reasoning logs. It also includes steps for immediate cleanup of these temporary sensitive files. - [PROMPT_INJECTION]: The skill includes instructions to confirm totals with users before issuing spend requests and establishes that the agent cannot self-approve transactions, as every purchase is gated by an out-of-band approval in the user's Link app.
Audit Metadata