
Stripe stripe-best-practices — agentic threat model

AIVSS 6.8 · Medium

This agent acts as an authoritative knowledge injector for Stripe integration patterns; while its direct execution risk is low due to its advisory nature, a compromise of its guidance could lead to widespread insecure implementations of payment systems.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3 · AARS uplift 0.85 · Factor sum 2.3/10 · Threat ×1.0 · Mitigation ×0.95

Autonomy of Action: 0.10
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.40
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — relies on the host coding agent's underlying foundation model. Threats include prompt injection that could bypass security guidance or force the model to recommend deprecated, insecure, or malicious Stripe integration patterns.

L2 · Data Operations ✓ mapped

The agent ingests authoritative Stripe documentation synced from docs.stripe.com/.well-known/skills. The primary threat is knowledge-base poisoning or man-in-the-middle attacks during the sync process, leading to compromised integration patterns being served to developers.

L3 · Agent Frameworks ✓ mapped

Acts as an 'Agent Skill' injected into a host framework. The framework must securely parse and isolate the SKILL.md instructions to prevent malicious instructions from hijacking the host agent's tool-calling or planning capabilities.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — deployment depends entirely on the host environment running the coding agent. If the host lacks sandboxing, executing code generated based on this agent's advice could expose local developer environments.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — there is no mention of built-in evaluation, logging, or guardrails to verify if the generated Stripe code actually adheres to the security practices (like restricted keys and webhook signatures) it recommends.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Focuses heavily on security best practices (restricted keys, webhooks, OAuth) as content, but the agent itself does not enforce compliance, authentication, or authorization controls on the code it generates or the developer using it.

L7 · Agent Ecosystem ✓ mapped

Designed to be injected into other coding agents. A compromised Stripe skill could propagate vulnerabilities horizontally to multiple developer agents, leading to cascading security flaws across numerous downstream software integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).