monetization

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides code templates for Stripe integration. It correctly demonstrates security best practices such as:
  • Using environment variables (os.environ) for sensitive credentials like STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET instead of hardcoding them.
  • Implementing signature verification in the webhook handler (stripe.Webhook.construct_event) to ensure requests originate from Stripe.
  • Using the official Stripe Customer Portal for secure user-managed billing.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official stripe package via standard package managers (pip or npm). These are well-known services and do not escalate the security risk.
  • [DATA_EXPOSURE]: No sensitive data access or unauthorized network exfiltration patterns were detected. The code snippets follow standard documentation patterns for the Stripe API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 08:02 PM
Security Audit — agent-trust-hub — monetization