ucp-checkout-rest
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to ingest and follow external documentation from the ucp.dev domain.
- Ingestion points: Data enters the agent context via
WebSearchandWebFetchof live specifications from ucp.dev (SKILL.md). - Boundary markers: The instructions do not define delimiters or provide safety warnings to ignore instructions potentially embedded within the fetched specifications.
- Capability inventory: The skill permits the use of high-privilege tools including
Bash,Write, andEdit(SKILL.md). - Sanitization: No content validation or sanitization is performed on the external documentation before the agent uses it to implement the checkout logic.
Audit Metadata