ap2-human-present-flow
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch and process external documentation and sample implementations to guide its coding tasks, which creates a surface for indirect prompt injection.\n
- Ingestion points: The skill uses
WebFetchto retrieve content fromap2-protocol.organdgithub.com(SKILL.md).\n - Boundary markers: There are no explicit instructions or delimiters defined to isolate external content from the agent's core instructions.\n
- Capability inventory: The agent is granted access to powerful tools including
Bash,Write, andEdit, which could be used to execute instructions found in external data (SKILL.md).\n - Sanitization: No sanitization or verification of the fetched external content is specified before it enters the agent's context.\n- [EXTERNAL_DOWNLOADS]: Fetches technical specifications and reference implementations from
ap2-protocol.organd thegoogle-agentic-commercerepository on GitHub. These are considered official and trusted sources for the implementation of the protocol described.
Audit Metadata