ucp-conformance
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the test suite and documentation from an external GitHub repository (Universal-Commerce-Protocol/conformance) using web search and fetch tools.
- [REMOTE_CODE_EXECUTION]: Directs the agent to clone an external repository and execute its content using 'uv sync' and 'uv run', which involves installing and running third-party code.
- [COMMAND_EXECUTION]: Uses the 'Bash' tool to execute Python test scripts and interact with a local server.
- [PROMPT_INJECTION]: Ingests and processes untrusted data from 'conformance_input.json', which presents a surface for indirect prompt injection.
- Ingestion points: 'test_data/your_store/conformance_input.json' as defined in the test execution instructions.
- Boundary markers: Absent; there are no instructions to delineate untrusted data or ignore embedded commands.
- Capability inventory: The skill has access to 'Bash' for shell execution, 'Write'/'Edit' for file modification, and 'WebFetch' for network operations.
- Sanitization: No sanitization, escaping, or schema validation of the input file is mentioned or enforced.
Audit Metadata