wechatpay-product-coupon
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure interaction patterns for AI agents. It explicitly restricts the agent to retrieving and displaying verified documentation and code snippets rather than generating unverified code.
- [SAFE]: No hardcoded credentials were found. All sensitive parameters in the code samples (such as private keys, API serial numbers, and IDs) use clear placeholders intended for user replacement.
- [SAFE]: Cryptographic functions for signature generation and response verification in the Java and Go utility files follow the standard WeChat Pay API v3 security protocols.
- [SAFE]: External dependencies imported in the sample code (such as Bouncy Castle for Java and gmsm/sm3 for Go) are established and reputable cryptographic libraries.
- [SAFE]: External URLs point to official vendor documentation or assets on GitHub, with no evidence of malicious redirection or obfuscation.
Audit Metadata