ap2-challenge-stepup
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches protocol specifications and security documentation from ap2-protocol.org.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted external data into the agent's context.
- Ingestion points: Web search results and documentation from ap2-protocol.org as specified in SKILL.md.
- Boundary markers: No explicit delimiters are used to separate external content from instructions.
- Capability inventory: The skill allows access to Bash, Write, Edit, and Grep tools.
- Sanitization: No sanitization or validation logic is present for the externally sourced data.
Audit Metadata