Unauthorized Financial Action by AI Agent - ATR-2026-00098 (ad940721-5ba2-55e2-a1f4-bc96b1ed1276)
Detects when an AI agent attempts to execute financial operations (payments, transfers, red packets, purchases, subscriptions) without explicit human confirmation in the current turn. Financial actions are inherently high-risk and irreversible -- an agent should NEVER auto-execute them based solely on chat context or tool availability.
This rule catches the tool_call side of financial attacks: even if the prompt injection rule (ATR-2026-097) is bypassed, this rule fires when the agent actually attempts to invoke a payment/transfer tool.
Covers: WeChat red packets, Alipay/WeChat Pay transfers, bank transfers, crypto transactions, subscription purchases, in-app purchases, and generic payment API calls.