acp-dev-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches technical specifications and operational requirements from OpenAI's official developer documentation.
- [EXTERNAL_DOWNLOADS]: Searches for and retrieves integration patterns and changelogs from Stripe's documentation and GitHub repositories.
- [PROMPT_INJECTION]: The skill ingests data from external sources via WebFetch and WebSearch. While these sources are trusted, the lack of boundary markers for external data processing creates a surface for indirect prompt injection given the skill's access to Bash and Write tools.
- Ingestion points: WebFetch and WebSearch calls in SKILL.md for external documentation.
- Boundary markers: None identified in the instructions.
- Capability inventory: Bash, Write, Edit, Grep, WebSearch, and WebFetch.
- Sanitization: No input validation or sanitization of external content is performed.
Audit Metadata