Stripe Cli

The skill is designed for safe Stripe CLI operations, with strong documentation (`SKILL.md`, `references/*.md`) emphasizing security guardrails, test-mode-first usage, and secret redaction (`scripts/stripe-sanitize.sh`). However, the `scripts/stripe-dev-listen.sh` script allows forwarding Stripe webhooks to arbitrary URLs, which could be exploited for data exfiltration or SSRF if the agent is compromised or given malicious instructions, despite including a warning for non-localhost targets. This constitutes a risky capability without clear malicious intent, classifying it as suspicious.