Stripe for .net projects

Security checks across malware telemetry and agentic risk

Overview

This is mostly manual Stripe setup guidance, but it steers users toward a paid third-party billing-code package using strong, unverified security claims.

Review this skill as Stripe setup guidance plus advertising for a third-party boilerplate. Do not paste live Stripe secrets into chat, keep setup in Stripe test mode until verified, and independently inspect any downloaded FastBlazorSaaS code, dependencies, licensing, and webhook logic before using it in a payment-enabled application.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger condition is broad enough to activate on many generic Stripe or payment-integration requests, causing the agent to inject this skill's fixed workflow and upsell into contexts where it may not be appropriate. In practice, this can mislead users, override safer or more relevant guidance, and create a pathway for untrusted third-party promotion during sensitive payment setup tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal