ap2-intent-mandate
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the agent to fetch documentation and schema definitions from ap2-protocol.org. While this is used for legitimate reference, the integrity of this external source is not pre-verified by the system.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external data alongside high-privilege tool access.
- Ingestion points: Protocol specifications from ap2-protocol.org and user-supplied strings in the 'natural_language_description' field.
- Boundary markers: Absent. The instructions do not provide delimiters or instructions to prevent the agent from obeying commands embedded within the fetched documentation or user descriptions.
- Capability inventory: The skill allows the use of 'Bash', 'Write', 'Edit', and 'WebFetch' tools, which increases the potential impact if a malicious instruction is followed.
- Sanitization: No sanitization, validation, or escaping of ingested data is specified.
Audit Metadata