paystack-transfer-recipients
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and provides templates for interacting with a legitimate third-party API (Paystack). No malicious commands, obfuscation, or persistence mechanisms were detected.
- [DATA_EXPOSURE]: The skill handles potentially sensitive information like bank account numbers and recipient names. However, this data is necessary for the skill's primary purpose of managing payment beneficiaries and is handled via a structured helper function.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input via fields such as `name`, `description`, and `metadata` which are sent to the Paystack API.
  - Ingestion points: Inputs are accepted in the `POST /transferrecipient` and `PUT /transferrecipient/:id_or_code` endpoints.
  - Boundary markers: The code examples demonstrate the use of `JSON.stringify()` which helps ensure data is treated as a string rather than instructions.
  - Capability inventory: The skill facilitates network operations via the `paystackRequest` helper function.
  - Sanitization: The skill correctly uses `encodeURIComponent()` when interpolating variables into URL paths to prevent path traversal or URI injection.
Audit Metadata