interswitch-payment-links
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill configuration relies on 'process.env.INTERSWITCH_BASE_URL' rather than hardcoded URLs, allowing for secure environment-specific deployment.
- [SAFE]: Path parameters like 'linkId' are correctly escaped using 'encodeURIComponent' in 'SKILL.md', mitigating risks of injection or path traversal.
- [PROMPT_INJECTION]: An assessment of the indirect prompt injection surface was performed. 1. Ingestion points: User-controlled strings are accepted in 'CreatePaymentLinkRequest' for link names and descriptions. 2. Boundary markers: No explicit instructions are provided to the agent to delimit user data. 3. Capability inventory: The skill uses 'fetch' to send data to the Interswitch API. 4. Sanitization: Data is structured via 'JSON.stringify' and parameters are URI-encoded. The risk is minimal and inherent to the skill's purpose.
Audit Metadata