ucp-payment-handlers

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to fetch and process live documentation from external websites (Google, Shopify, and ucp.dev) using WebFetch and WebSearch. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the external documentation.
  • Ingestion points: External documentation URLs referenced in SKILL.md.
  • Boundary markers: Absent; there are no instructions for the agent to distinguish between the fetched data and its own system instructions.
  • Capability inventory: The agent has broad permissions including Bash, Write, and Edit, which could be exploited if an injection occurs.
  • Sanitization: Absent; no validation or sanitization of the external content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:31 AM
Security Audit — agent-trust-hub — ucp-payment-handlers