connect-recommend
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- Interactive Discovery Model: The skill relies on the AskUserQuestion tool for primary interactions, ensuring that major configuration decisions are mediated by the user rather than executed autonomously.
- Project Analysis Surface: The skill uses Grep, Glob, and Read to scan the local codebase for existing Connect patterns. This allows it to pre-fill discovery questions based on the developer's current progress, enhancing utility without introducing privilege concerns.
- Business Research Logic: It utilizes a Task tool to invoke a subagent for researching company URLs and business descriptions. This is a standard integration of business context into the recommendation workflow and does not involve unauthorized data access.
- Internal Validation Matrix: The skill references a comprehensive suite of internal markdown files (e.g., compatibility-matrix.md, decision-matrix.md) to validate recommendations against known Stripe integration best practices, helping to avoid misconfigurations like liability-model mismatches.
- Indirect Prompt Injection (Surface Analysis): The skill processes untrusted input such as company URLs and business descriptions which are then passed to a subagent. While this creates a theoretical attack surface for influencing the agent's logic, the interactive nature and the output format (markdown recommendation) significantly limit the risk of malicious exploitation.
- Credential Safety: The skill contains no hardcoded API keys or secrets; all configuration is handled through logical dimensions and official documentation references (e.g., stripe.com/pricing).
Audit Metadata