ucp-orders-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol specifications from
ucp.devand a conformance test suite from theUniversal-Commerce-Protocolrepository on GitHub. These downloads are used for documentation and implementation verification purposes. - [PROMPT_INJECTION]: The skill describes a platform architecture that ingests external data via webhooks. This creates a surface for indirect prompt injection (Category 8).
- Ingestion points: Webhook endpoint POST body (SKILL.md).
- Boundary markers: None explicitly defined for isolating data from agent instructions.
- Capability inventory: The skill allows powerful tools including Bash, Write, Edit, and WebFetch (SKILL.md).
- Sanitization: The skill mandates a robust authentication mechanism using Detached JWT signatures (RFC 7797) verified against public keys found in the business's
/.well-known/ucpprofile. While this ensures data authenticity and integrity, it does not sanitize the contents of the order data against prompt injection if processed by an LLM. - [COMMAND_EXECUTION]: The skill requests access to the
Bashtool. While no malicious shell commands are provided in the instructions, the presence of this tool alongside the ingestion of external data requires careful monitoring during execution to prevent command injection.
Audit Metadata