cloudbase-wechat-integration
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to "load the matching reference and the official index.md docs" (e.g. https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/cloudbase-wechat-integration/SKILL.md and https://docs.cloudbase.net/integration/introduce/index.md). These external URLs are treated as required references and would be fetched at runtime, so their content would directly control the agent's prompts and instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically about integrating and operating WeChat Pay flows: it references WeChat Pay types (Mini Program payment (小程序支付), JSAPI payment (JSAPI 支付), Native QR-code payment (Native 扫码支付), refund/payment callbacks, wx.requestPayment, WeixinJSBridge, code_url), generated payment functions (examples like pay-common), order creation, server-side payment query/callback handling, idempotency/fulfillment, and Integration Center credential configuration. Those are direct payment-gateway integration capabilities (WeChat Pay) intended to create and handle live payment transactions and callbacks, so this is a specific financial-execution skill rather than a generic tool.
Issues (2)
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).