ap2-credentials-provider
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest data from external specifications and web search results, creating a surface for indirect prompt injection where malicious instructions could be embedded in the documentation. \n
- Ingestion points: Documentation URLs and GitHub search results are processed by the agent to guide implementation (SKILL.md). \n
- Boundary markers: There are no instructions to delimit or treat the external content as untrusted. \n
- Capability inventory: The agent is granted high-privilege capabilities including Bash, Write, and Edit tools (SKILL.md). \n
- Sanitization: The instructions do not specify any sanitization or validation of the fetched technical specifications. \n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch specifications from a domain not listed as a trusted source. \n
- Source: https://ap2-protocol.org/specification/ (SKILL.md). \n
- Context: The fetch operation is used to retrieve the live definition of the Credentials Provider API and responsibilities.
Audit Metadata