payment-reconciliation-automation
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted metadata from payment processors, creating a surface for indirect prompt injection. Instructions embedded in transaction data could influence agent behavior during reconciliation or alerting.
- Ingestion points: Ingests transaction records, metadata, and descriptions via Stripe and PayPal APIs as described in the custom pipeline instructions.
- Boundary markers: The provided templates lack delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: The system is designed to perform database operations and send notifications to external Slack channels.
- Sanitization: There is no evidence of input validation or sanitization for the external transaction strings before they are processed.
Audit Metadata