stripe-payments
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and code samples for Stripe integration without any malicious patterns.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The integration examples correctly use environment variables (`STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`) for secure secret management.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface through the processing of external Stripe webhook data but implements sufficient security controls:
  - Ingestion points: Webhook endpoints in `references/stripe-nodejs-integration.md` and `references/stripe-php-integration.md`.
  - Boundary markers: Instructions explicitly require verifying signatures against the raw request body.
  - Capability inventory: Logic performs state transitions and database updates based on verified event types.
  - Sanitization: Signatures are verified using official SDK methods (`constructEvent`), ensuring data authenticity and source verification.
Audit Metadata