wf-api-integration

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate integration templates for financial services. The generated code uses standard industry practices for secure API communication.
  • [PROMPT_INJECTION]: The skill's instructions are purely functional and pedagogical, containing no patterns that attempt to bypass AI safety filters or override core agent behaviors.
  • [CREDENTIALS_UNSAFE]: The skill explicitly mandates that private keys and client IDs must not be hardcoded in the source code. It provides configuration structures that favor environment variables and secure local file paths for secret management.
  • [DATA_EXFILTRATION]: All network operations defined in the templates are directed to verified WorldFirst and Alipay API endpoints. The implementation includes mandatory signature verification for incoming data to ensure authenticity and integrity.
  • [EXTERNAL_DOWNLOADS]: Dependencies identified in the project files, such as the Python 'requests' and 'cryptography' libraries, are standard, official packages used for secure HTTP requests and RSA signing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:55 PM
Security Audit — agent-trust-hub — wf-api-integration