acp-affiliate-attribution

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions require the agent to ingest data from external search results and documentation fetches to guide its implementation logic. This creates a surface for indirect prompt injection.
  • Ingestion points: Web-search results for GitHub RFCs and schemas; WebFetch operations targeting OpenAI commerce specifications.
  • Boundary markers: The skill does not define specific delimiters or instructions to treat fetched external content as untrusted data.
  • Capability inventory: The skill permits the use of powerful tools including Bash, Write, and Edit, which could be potentially misused if the agent obeys instructions embedded in the fetched external content.
  • Sanitization: There are no requirements for validating, filtering, or sanitizing the content retrieved from external URLs before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — acp-affiliate-attribution