ap2-merchant-agent

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and process data from external agents.
  • Ingestion points: The skill processes Intent Mandates received from third-party Shopping Agents as described in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to isolate untrusted mandate data from the agent's internal logic.
  • Capability inventory: The agent is granted access to high-capability tools including Bash, Write, and WebFetch in the allowed-tools section of SKILL.md.
  • Sanitization: The instructions do not define any validation or sanitization processes for the incoming mandate content.
  • [EXTERNAL_DOWNLOADS]: The skill instructions involve fetching documentation and protocol specifications from ap2-protocol.org to guide the implementation of the Merchant Endpoint.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ap2-merchant-agent