ap2-merchant-agent
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and process data from external agents.
- Ingestion points: The skill processes Intent Mandates received from third-party Shopping Agents as described in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions provided to isolate untrusted mandate data from the agent's internal logic.
- Capability inventory: The agent is granted access to high-capability tools including Bash, Write, and WebFetch in the allowed-tools section of SKILL.md.
- Sanitization: The instructions do not define any validation or sanitization processes for the incoming mandate content.
- [EXTERNAL_DOWNLOADS]: The skill instructions involve fetching documentation and protocol specifications from ap2-protocol.org to guide the implementation of the Merchant Endpoint.
Audit Metadata