aba-payway
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill provides instructions for implementing a payment callback endpoint (
/api/payway/callback) that ingests untrusted data from an external source. This data is used for 'domain-specific reconciliation', which constitutes a decision with side effects.\n - Ingestion points:
references/integration.mdandSKILL.mddefine a callback route accepting JSON or URL-encoded data from the payment provider.\n - Boundary markers: Absent. The skill does not provide instructions to include delimiters or warnings for the agent to ignore embedded instructions within the callback payload.\n
- Capability inventory: The generated implementation is designed to perform payment reconciliation, which typically involves updating database records or triggering order fulfillment.\n
- Sanitization: The skill lacks specific guidance on sanitizing or validating the untrusted payload beyond checking for field presence and exact field order for hashing.\n- Data Exposure (LOW): The skill contains hardcoded absolute file paths specific to a developer's local machine, exposing the username and directory structure.\n
- Evidence: Multiple files including
README.mdandSKILL.mdreference paths starting with/Users/lowin/Desktop/aba-payway-integration/.
Recommendations
- AI detected serious security threats
Audit Metadata