acp-affiliate-attribution

Fail

Audited by Snyk on Mar 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to accept opaque attribution tokens and include them verbatim in checkout API requests (POST /checkout_sessions and complete), which requires the LLM to handle and output token values and thus creates an exfiltration risk despite the "write-only" guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md's "Before writing code" explicitly requires the agent to web-search public GitHub (site:github.com) for the affiliate_attribution RFC and to fetch https://developers.openai.com/commerce/specs/checkout/, so the agent will ingest open/public third‑party content (GitHub and external docs) that can materially influence implementation and actions.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 19, 2026, 07:31 AM
Issues
2
Security Audit — snyk — acp-affiliate-attribution