stripe-best-practices
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- Official Documentation References: The skill extensively references Stripe's official documentation at docs.stripe.com. These links provide authoritative guidance on integration patterns, API versions, and compliance requirements.
- Security Best Practices: The references/security.md file contains robust advice on managing sensitive credentials. It highlights the importance of using Restricted API keys (RAKs), rotating keys, and utilizing secret management services like AWS Secrets Manager or HashiCorp Vault.
- Credential Protection: The skill includes explicit instructions for the agent to avoid hardcoding API keys and to detect potential exposures in user code. It correctly identifies sk_... and rk_... prefixes as markers for sensitive Stripe credentials.
- Compliance Guidance: It provides informative sections on PCI compliance and secure webhook handling, recommending signature verification as a standard security measure.
- No Executable Risk: The skill consists entirely of instructional text and documentation. It does not include scripts, dynamic code execution, or network exfiltration patterns.
Audit Metadata