acp-capability-negotiation
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from developers.openai.com and github.com. These are recognized well-known services and trusted sources for technical specifications.
- [PROMPT_INJECTION]: The skill includes instructions to fetch and process external data, which introduces a potential surface for indirect prompt injection. However, the risk is minimal given the trusted nature of the target domains. 1. Ingestion points: Documentation URLs and search results from GitHub and OpenAI as specified in SKILL.md. 2. Boundary markers: None defined; the agent is instructed to use the content directly for implementation. 3. Capability inventory: Bash, Write, Edit, Read, WebSearch, and WebFetch tools as listed in the frontmatter. 4. Sanitization: No specific sanitization or filtering logic is provided.
Audit Metadata