pakistan-payments-stack

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires the agent to ingest and act on provider-issued merchant/developer integration docs and public provider URLs (e.g., JazzCash/Easypaisa/SBP links) as mandatory inputs for webhook, API, and signature handling, so untrusted third‑party content can directly influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payments integration stack for Pakistani payment providers (JazzCash, Easypaisa, bank/PSP, Raast). It defines payment-specific types and functions (e.g., CreatePaymentParams, PaymentsService.createPayment, verifyAndHandleWebhook), mandates handling provider APIs/webhooks, settlement and payout timing, refunds, reconciliation runs, and pulling transaction data via provider API/exports. These are specific payment gateway and banking/rail interactions intended to create, verify, reconcile, and manage real money transactions — not generic tooling. Therefore it grants direct financial execution capability.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 10:40 PM
Issues: 2