alipay-pay-for-service
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by 'alipay' and utilizes vendor-owned resources, including the @alipay/agent-payment npm package and official GitHub repositories.
- [EXTERNAL_DOWNLOADS]: Fetches the necessary CLI tool from the public npm registry. It explicitly requires a manual integrity check (SHA-512 hash) before installation to ensure the package has not been tampered with.
- [COMMAND_EXECUTION]: Employs the alipay-bot CLI for payment processing. The instructions include specific security requirements for shell execution, such as using single quotes for all parameters and escaping existing single quotes within inputs to prevent shell injection.
- [PROMPT_INJECTION]: Addresses the surface for indirect prompt injection and command injection through a multi-layered approach:
  - (1) Ingestion points: Untrusted data enters via the --payment-link parameter.
  - (2) Boundary markers: Explicit instructions to wrap parameters in single quotes and sanitize nested quotes.
  - (3) Capability inventory: Uses alipay-bot for payment submission and status queries.
  - (4) Sanitization: Implements domain whitelisting (matching cashier*.alipay.com or excashier.alipay.com) and structure-based validation for the --intent-summary field.