alipay-merchant-onboarding
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download the official alipay-cli installation script from the vendor's domain at https://opengw.alipay.com/alipaycli/install. This is a legitimate operation from a trusted source to establish the necessary execution environment.
- [COMMAND_EXECUTION]: The skill executes the downloaded installation script via bash piping and uses the alipay-cli to perform various merchant operations such as status queries and application submissions. These executions are aligned with the primary functionality of the skill.
- [PROMPT_INJECTION]: The skill ingests untrusted user-provided business descriptions to provide industry category recommendations, which represents a surface for indirect prompt injection. 1. Ingestion points: User descriptions provided during the 'Solution Planning' stage (Step 2). 2. Boundary markers: No specific delimiters are used to wrap the untrusted data. 3. Capability inventory: The skill can execute multiple shell commands via the alipay-cli for account signing and application management. 4. Sanitization: The skill uses jq to parse tool outputs but does not explicitly sanitize the input business descriptions used for semantic matching.
Audit Metadata