ucp-checkout-rest

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to ingest and follow external documentation from the ucp.dev domain.
  • Ingestion points: Data enters the agent context via WebSearch and WebFetch of live specifications from ucp.dev (SKILL.md).
  • Boundary markers: The instructions do not define delimiters or provide safety warnings to ignore instructions potentially embedded within the fetched specifications.
  • Capability inventory: The skill permits the use of high-privilege tools including Bash, Write, and Edit (SKILL.md).
  • Sanitization: No content validation or sanitization is performed on the external documentation before the agent uses it to implement the checkout logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ucp-checkout-rest