ap2-payment-mandate

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and specification schemas from an external domain not on the trusted list.
  • Evidence: Fetch https://ap2-protocol.org/specification/ in SKILL.md.
  • Evidence: Fetch https://ap2-protocol.org/topics/core-concepts/ in SKILL.md.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by instructing the agent to ingest and process data from external websites and search results.
  • Ingestion points: External fetches from ap2-protocol.org and web searches on GitHub.
  • Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to ignore potentially malicious content within the fetched data.
  • Capability inventory: The skill metadata permits the use of high-privilege tools such as Bash, Write, and Edit (specified in SKILL.md).
  • Sanitization: Absent. There are no instructions to sanitize or validate the external content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ap2-payment-mandate