acp-affiliate-attribution
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions require the agent to ingest data from external search results and documentation fetches to guide its implementation logic. This creates a surface for indirect prompt injection.
- Ingestion points: Web-search results for GitHub RFCs and schemas;
WebFetchoperations targeting OpenAI commerce specifications. - Boundary markers: The skill does not define specific delimiters or instructions to treat fetched external content as untrusted data.
- Capability inventory: The skill permits the use of powerful tools including
Bash,Write, andEdit, which could be potentially misused if the agent obeys instructions embedded in the fetched external content. - Sanitization: There are no requirements for validating, filtering, or sanitizing the content retrieved from external URLs before it is processed by the agent.
Audit Metadata