ucp-checkout-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch specifications and documentation from well-known and official sources including shopify.dev and ucp.dev. These references are informative and point to legitimate developer resources.
- [PROMPT_INJECTION]: The skill includes instructions to fetch external data via WebSearch and WebFetch, which represents an indirect prompt injection surface. Ingestion points: Documentation fetched from ucp.dev and shopify.dev. Boundary markers: Absent. Capability inventory: Bash, Write, Edit, Read. Sanitization: Absent.
Audit Metadata