ucp-checkout-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill instructions.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch specifications and documentation from well-known and official sources including shopify.dev and ucp.dev. These references are informative and point to legitimate developer resources.
  • [PROMPT_INJECTION]: The skill includes instructions to fetch external data via WebSearch and WebFetch, which represents an indirect prompt injection surface. Ingestion points: Documentation fetched from ucp.dev and shopify.dev. Boundary markers: Absent. Capability inventory: Bash, Write, Edit, Read. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ucp-checkout-mcp