acp-dev-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches technical specifications and operational requirements from OpenAI's official developer documentation.
  • [EXTERNAL_DOWNLOADS]: Searches for and retrieves integration patterns and changelogs from Stripe's documentation and GitHub repositories.
  • [PROMPT_INJECTION]: The skill ingests data from external sources via WebFetch and WebSearch. While these sources are trusted, the lack of boundary markers for external data processing creates a surface for indirect prompt injection given the skill's access to Bash and Write tools.
  • Ingestion points: WebFetch and WebSearch calls in SKILL.md for external documentation.
  • Boundary markers: None identified in the instructions.
  • Capability inventory: Bash, Write, Edit, Grep, WebSearch, and WebFetch.
  • Sanitization: No input validation or sanitization of external content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — acp-dev-patterns