ap2-mcp-server

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to fetch documentation from an external domain (ap2-protocol.org), creating a surface for indirect prompt injection.
  • Ingestion points: External documentation URLs in SKILL.md (e.g., ap2-protocol.org/specification/).
  • Boundary markers: Absent; there are no instructions to ignore embedded commands within the fetched content.
  • Capability inventory: The skill permits high-risk tools including Bash, WebFetch, and Write.
  • Sanitization: No sanitization or verification of the remote content is specified before the agent processes it.
  • [EXTERNAL_DOWNLOADS]: The skill identifies and fetches content from an external source (ap2-protocol.org) that is not part of the trusted vendor list. While the purpose is to gather technical specifications, retrieving data from unverified remote sources is a security consideration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:31 AM
Security Audit — agent-trust-hub — ap2-mcp-server