ucp-conformance

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the test suite and documentation from an external GitHub repository (Universal-Commerce-Protocol/conformance) using web search and fetch tools.
  • [REMOTE_CODE_EXECUTION]: Directs the agent to clone an external repository and execute its content using 'uv sync' and 'uv run', which involves installing and running third-party code.
  • [COMMAND_EXECUTION]: Uses the 'Bash' tool to execute Python test scripts and interact with a local server.
  • [PROMPT_INJECTION]: Ingests and processes untrusted data from 'conformance_input.json', which presents a surface for indirect prompt injection.
  • Ingestion points: 'test_data/your_store/conformance_input.json' as defined in the test execution instructions.
  • Boundary markers: Absent; there are no instructions to delineate untrusted data or ignore embedded commands.
  • Capability inventory: The skill has access to 'Bash' for shell execution, 'Write'/'Edit' for file modification, and 'WebFetch' for network operations.
  • Sanitization: No sanitization, escaping, or schema validation of the input file is mentioned or enforced.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ucp-conformance