wechatpay-product-coupon
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No prompt injection or malicious behavior override patterns were found in the instructions. The skill follows a strict step-by-step confirmation protocol with the user.
- [SAFE]: The code examples use placeholders (e.g., 'xxxxxxxx', 'PUB_KEY_ID_xxxxxxxxxxxxx') for sensitive parameters like brand IDs, certificate serial numbers, and key IDs, preventing accidental credential exposure.
- [SAFE]: The instructions explicitly prohibit the AI agent from using file modification tools such as
write_to_fileorreplace_in_file, ensuring that code is only displayed for reference and never written into the user's project environment. - [SAFE]: All external URL references and API endpoints point to official WeChat Pay and Tencent domains (e.g., api.mch.weixin.qq.com, pay.weixin.qq.com).
- [SAFE]: Cryptographic implementations in the utility files (Go and Java) follow standard practices for WeChat Pay's V3 signature and encryption schemes using reputable libraries like BouncyCastle and standard language providers.
Audit Metadata