ucp-payment-handlers
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch and process live documentation from external websites (Google, Shopify, and ucp.dev) using
WebFetchandWebSearch. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the external documentation. - Ingestion points: External documentation URLs referenced in
SKILL.md. - Boundary markers: Absent; there are no instructions for the agent to distinguish between the fetched data and its own system instructions.
- Capability inventory: The agent has broad permissions including
Bash,Write, andEdit, which could be exploited if an injection occurs. - Sanitization: Absent; no validation or sanitization of the external content is performed.
Audit Metadata