ucp-fulfillment
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch external specifications from
ucp.devusingWebSearchandWebFetchto guide the implementation of shipping and pickup logic. This creates a surface for indirect prompt injection where an attacker controlling the external documentation could inject malicious instructions into the agent's context.\n - Ingestion points: Technical specifications for the UCP Fulfillment extension retrieved from
ucp.devviaWebFetch.\n - Boundary markers: Absent. The skill does not define delimiters for the external content or instruct the agent to treat it as untrusted data.\n
- Capability inventory: The agent is granted high-privilege tools including
Bash,Write, andEdit, which could be exploited if the agent follows instructions embedded in fetched content.\n - Sanitization: Absent. The skill does not specify any validation, filtering, or sanitization of the content retrieved from the external source.
Audit Metadata