ucp-fulfillment

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to fetch external specifications from ucp.dev using WebSearch and WebFetch to guide the implementation of shipping and pickup logic. This creates a surface for indirect prompt injection where an attacker controlling the external documentation could inject malicious instructions into the agent's context.\n
  • Ingestion points: Technical specifications for the UCP Fulfillment extension retrieved from ucp.dev via WebFetch.\n
  • Boundary markers: Absent. The skill does not define delimiters for the external content or instruct the agent to treat it as untrusted data.\n
  • Capability inventory: The agent is granted high-privilege tools including Bash, Write, and Edit, which could be exploited if the agent follows instructions embedded in fetched content.\n
  • Sanitization: Absent. The skill does not specify any validation, filtering, or sanitization of the content retrieved from the external source.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ucp-fulfillment