ap2-dev-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill requires the agent to fetch and process documentation from ap2-protocol.org and search results from GitHub. This creates an indirect prompt injection surface where untrusted data from these remote sources enters the agent's context. If these sources contain malicious content, they could potentially influence the agent's actions, especially given its broad tool access. * Ingestion points: Remote specifications from ap2-protocol.org and GitHub search results. * Boundary markers: The skill does not define delimiters or instructions to ignore embedded commands in the fetched data. * Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit. * Sanitization: There is no requirement for the agent to sanitize or validate the external content before processing.
- [EXTERNAL_DOWNLOADS]: The skill fetches current protocol specifications and integration guides from ap2-protocol.org. These network operations are intended to ensure the agent uses the most up-to-date documentation for its architectural tasks.
Audit Metadata