acp-setup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches specifications from the Agentic Commerce Protocol GitHub repository and documentation from OpenAI. These are considered safe as they originate from well-known services and trusted organizations.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection due to its reliance on external data for code generation. This risk is mitigated by the use of trusted sources and is intrinsic to the tool's primary scaffolding purpose. * Ingestion points: Spec files and guides from GitHub and OpenAI. * Boundary markers: None. * Capability inventory: Bash, Write, and Edit tools for project structure and stub creation. * Sanitization: None.
Audit Metadata