paystack-splits
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains documentation and helper-based code snippets for managing multi-party payment splits via the Paystack API. It does not include standalone executable files, shell commands, or obfuscated instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill handles untrusted data inputs such as split names, email addresses, and subaccount IDs, creating a standard surface for indirect prompt injection.
- Ingestion points: External data enters through parameters in the
paystackRequestfunction calls documented inSKILL.md(e.g.,name,email,subaccount). - Boundary markers: None are explicitly used in the documentation's code snippets to differentiate between instructions and data.
- Capability inventory: The skill facilitates network requests (POST, GET, PUT) to the Paystack API endpoints.
- Sanitization: The provided code snippets use
JSON.stringifyfor basic data serialization, which does not provide protection against prompt-based instruction injection.
Audit Metadata