alipay-aipay-product-intro

Fail

Audited by Snyk on May 1, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting and verbatim forwarding the complete HTTP 402 response (including all headers and signed URL parameters), which can contain sensitive signatures/tokens, so the LLM must output secret-like values directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements an Alipay payment flow: it detects HTTP 402 Payment-Needed responses, extracts the full 402 response, and then calls a named payment handler skill ("alipay-pay-for-402-service") to complete the payment. This is a specific integration with a payment gateway (Alipay) and an explicit handoff to a payment-execution skill, not a generic API caller or browser automation. Because it is explicitly designed to trigger/coordinate real payment operations, it grants direct financial execution capability.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: May 1, 2026, 07:01 PM
Issues: 2