paystack-charges

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs prompting for and then embedding sensitive values like PINs, OTPs, tokens, and authorization codes directly into request bodies (and shows literal secret-like examples), which requires the agent to handle secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payment integration for Paystack and provides direct, specific endpoints and helper flows to create and manage charges (POST /charge), submit PIN/OTP/phone/birthday/address for authentication, and poll charge status. It is purpose-built to initiate and control monetary transactions across channels (card, bank debit, USSD, mobile money, QR, EFT, etc.), i.e., it can send actual payment transactions rather than being a generic API caller or browser automation. Therefore it grants direct financial execution capability.