alipay-payment-integration
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches payment product documentation and integration guidelines from official Alipay domains such as ideservice.alipay.com. This ensures the agent has access to the most recent API specifications and examples.
- [COMMAND_EXECUTION]: Employs curl commands to retrieve content from the specified Alipay documentation URLs. This is a functional requirement of the skill to provide accurate and updated information to the user.
- [PROMPT_INJECTION]: Identified as a surface for potential indirect prompt injection because the skill processes content from external websites.
- Ingestion points: Documentation is fetched via curl from ideservice.alipay.com as specified in SKILL.md.
- Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore instructions embedded within the fetched documentation.
- Capability inventory: The skill allows the agent to generate code, provide troubleshooting advice, and guide the user through payment flows based on the fetched data.
- Sanitization: Absent; the skill does not define methods for validating or sanitizing the content retrieved from the external URLs before it influences agent behavior.
Audit Metadata