ap2-payment-mandate
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and specification schemas from an external domain not on the trusted list.
- Evidence:
Fetch https://ap2-protocol.org/specification/inSKILL.md. - Evidence:
Fetch https://ap2-protocol.org/topics/core-concepts/inSKILL.md. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by instructing the agent to ingest and process data from external websites and search results.
- Ingestion points: External fetches from
ap2-protocol.organd web searches on GitHub. - Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to ignore potentially malicious content within the fetched data.
- Capability inventory: The skill metadata permits the use of high-privilege tools such as
Bash,Write, andEdit(specified inSKILL.md). - Sanitization: Absent. There are no instructions to sanitize or validate the external content before processing.
Audit Metadata