ucp-ap2-mandates
Warn
Audited by Socket on Mar 19, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill is coherent with its stated purpose, but that purpose is intrinsically high-impact: enabling autonomous payment authorization. The main security concern is the combination of live external content fetching with Bash/write access, which creates prompt-injection risk during implementation, plus the financial autonomy implications. No clear credential harvesting, malware behavior, or suspicious installer path was found.
Confidence: 89%Severity: 74%
Audit Metadata