acp-setup
Warn
Audited by Snyk on Mar 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's "Before writing code" steps explicitly instruct the agent to web-search and fetch OpenAPI specs from the public GitHub repo (https://github.com/agentic-commerce-protocol/agentic-commerce-protocol/tree/main/spec) and to fetch a guide from https://developers.openai.com/commerce/guides/get-started/, so it ingests untrusted public third‑party content that will be interpreted to generate code and endpoints.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill instructs at runtime to fetch and use the OpenAPI YAML files from https://github.com/agentic-commerce-protocol/agentic-commerce-protocol/tree/main/spec to generate endpoint stubs, meaning remote content from that URL directly controls the code the agent produces and is a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for scaffolding a merchant server and includes direct payment integration details: it references importing the "delegate-payment" OpenAPI spec, stubbing "5 checkout" endpoints, a services/payment.py for PSP integration, and config variables such as STRIPE_API_KEY, ACP_WEBHOOK_SECRET, and PSP credentials. These are specific payment gateway/PSP integrations (e.g., Stripe) and are clearly designed to execute or manage payments rather than being a generic tool, so it grants Direct Financial Execution capability.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata