ap2-challenge-stepup

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches protocol specifications and security documentation from ap2-protocol.org.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted external data into the agent's context.
  • Ingestion points: Web search results and documentation from ap2-protocol.org as specified in SKILL.md.
  • Boundary markers: No explicit delimiters are used to separate external content from instructions.
  • Capability inventory: The skill allows access to Bash, Write, Edit, and Grep tools.
  • Sanitization: No sanitization or validation logic is present for the externally sourced data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:09 AM
Security Audit — agent-trust-hub — ap2-challenge-stepup