paystack-disputes

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches dispute data, including messages and history, from the Paystack API (e.g., GET /dispute, GET /dispute/:id and the "List pending disputes" flow in SKILL.md). This is user-generated third-party content that the agent is expected to read and that directly influences dispute resolution actions, creating a plausible avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Paystack Disputes integration (a payment gateway). It exposes endpoints to update and resolve disputes, including setting refund_amount and resolution actions (e.g., merchant-accepted, declined). Those operations can change transaction outcomes and trigger refunds/chargeback resolutions via the payment provider, which is direct financial execution capability.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 06:29 AM