wechatpay-product-coupon

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to retrieve and display API request/sample code and to "only replace parameters" in those examples (and to inspect user-provided code), which can lead to verbatim inclusion of secrets (API keys, private keys, tokens, mchid/appid values) in the assistant's output if users supply them—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required troubleshooting workflow (see SKILL.md "能力5：接口排障" and the 排障手册) explicitly instructs executing scripts like 查询用户商品券详情_品牌.py/查询用户商品券详情_服务商.py that send requests to the public WeChat Pay APIs (pay.weixin.qq.com) and parse those third‑party responses, which the agent must read and interpret to decide next actions—thus it ingests untrusted third‑party content that can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for integrating with WeChat Pay's product-coupon APIs: it provides API request examples (including signing), guidance for "创建商品券", "发券" (issuing coupons), "核销" (redemption), and troubleshooting of payment-related request/response (Request-Id, signatures, callbacks). This is a payment-gateway–specific integration assistant (WeChat Pay) intended to construct and execute payment/coupon API calls, so it constitutes direct financial execution capability.