acp-discount-extension
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No security issues detected. The skill contains instructional content and architectural patterns for a commerce extension.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from OpenAI's developer portal and search GitHub for protocol specifications. These are well-known services and the fetches are used for retrieving technical documentation.
- [PROMPT_INJECTION]: The skill involves fetching external content from GitHub and OpenAI (ingestion points in SKILL.md), representing a surface for indirect prompt injection. No specific boundary markers or sanitization logic are defined, and the capabilities include writing and executing bash (SKILL.md). The risk is considered safe as it targets reputable documentation sources.
Audit Metadata