ap2-human-present-flow

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payments/checkout flow (AP2 human-present transaction). It defines payment-specific roles and actions: querying a Credentials Provider for payment methods, creating/signing Cart and Payment Mandates, sending a confirmed Cart Mandate + user attestation, and the Merchant/MPP "submits payment for processing." It also references 3DS2/OTP challenge handling and a card payment sample. These are concrete, payment-focused operations (not generic browser or API tooling) that enable sending transactions and processing payments.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM
Issues
2
Security Audit — snyk — ap2-human-present-flow