ap2-intent-mandate

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent to fetch documentation and schema definitions from ap2-protocol.org. While this is used for legitimate reference, the integrity of this external source is not pre-verified by the system.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external data alongside high-privilege tool access.
  • Ingestion points: Protocol specifications from ap2-protocol.org and user-supplied strings in the 'natural_language_description' field.
  • Boundary markers: Absent. The instructions do not provide delimiters or instructions to prevent the agent from obeying commands embedded within the fetched documentation or user descriptions.
  • Capability inventory: The skill allows the use of 'Bash', 'Write', 'Edit', and 'WebFetch' tools, which increases the potential impact if a malicious instruction is followed.
  • Sanitization: No sanitization, validation, or escaping of ingested data is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ap2-intent-mandate