monetization
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides code templates for Stripe integration. It correctly demonstrates security best practices such as:
- Using environment variables (
os.environ) for sensitive credentials likeSTRIPE_SECRET_KEYandSTRIPE_WEBHOOK_SECRETinstead of hardcoding them. - Implementing signature verification in the webhook handler (
stripe.Webhook.construct_event) to ensure requests originate from Stripe. - Using the official Stripe Customer Portal for secure user-managed billing.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official
stripepackage via standard package managers (pipornpm). These are well-known services and do not escalate the security risk. - [DATA_EXPOSURE]: No sensitive data access or unauthorized network exfiltration patterns were detected. The code snippets follow standard documentation patterns for the Stripe API.
Audit Metadata