wechatpay-basic-payment
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate integration toolkit for WeChat Pay. It provides technical guidance and utility scripts for developers. All external links and API endpoints point to official and trusted WeChat/Tencent domains.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive credentials (such as real API keys or private keys) are hardcoded. The skill correctly uses placeholders and instructs users on secure handling of certificates and APIv3 keys. Network requests are restricted to official payment gateways.
- [COMMAND_EXECUTION]: The provided Python troubleshooting scripts utilize the standard library's urllib to query transaction statuses. They do not execute arbitrary shell commands or access restricted system resources.
- [REMOTE_CODE_EXECUTION]: No remote code execution vulnerabilities were found. The skill does not perform runtime code downloads or dynamic execution of untrusted input.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied transaction identifiers for diagnostic purposes, it does so within constrained logic and trusted API workflows, minimizing exposure to injection attacks.
Audit Metadata