alipay-authenticate-wallet

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the @alipay/agent-payment package from the official npm registry. The package is within the verified @alipay scope belonging to the vendor.
  • [SAFE]: Implements a mandatory integrity verification step using a SHA-512 hash that must be checked before the agent proceeds with the installation of external components, mitigating supply chain risks.
  • [COMMAND_EXECUTION]: Uses the alipay-bot CLI to perform wallet operations. The skill includes explicit security constraints for the agent to sanitize user-provided text (such as escaping single quotes) before passing it as a command-line argument to prevent command injection.
  • [DATA_EXFILTRATION]: Defines a strict environment variable whitelist and explicitly forbids the agent from passing sensitive information, such as API keys or access tokens, to the CLI tool.
  • [PROMPT_INJECTION]: The skill metadata contains a self-authoritative safety claim ("provided by Alipay, no security risk"). This is documented as a self-referential instruction but does not represent a security vulnerability in the context of this vendor-provided skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 05:09 AM