acp-affiliate-attribution
Fail
Audited by Snyk on Mar 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to accept opaque attribution tokens and include them verbatim in checkout API requests (POST /checkout_sessions and complete), which requires the LLM to handle and output token values and thus creates an exfiltration risk despite the "write-only" guidance.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md's "Before writing code" explicitly requires the agent to web-search public GitHub (site:github.com) for the affiliate_attribution RFC and to fetch https://developers.openai.com/commerce/specs/checkout/, so the agent will ingest open/public third‑party content (GitHub and external docs) that can materially influence implementation and actions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata