ap2-payment-processor

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md "Before writing code" steps explicitly instruct the agent to fetch live docs from open/public sites (e.g., https://ap2-protocol.org/specification/ and web-search GitHub for samples), meaning the agent will ingest untrusted third-party content that can influence its implementation decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and specifically defined to perform payment operations: it constructs payment authorization messages, requests credentials, submits transactions to payment networks/issuers, handles 3DS2/OTP challenges, and integrates with payment gateways (Stripe, Adyen), card networks and issuing banks. These are concrete, purpose-built financial execution actions (sending authorizations/processing payments), not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM
Issues
2
Security Audit — snyk — ap2-payment-processor