ap2-intent-mandate

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches protocol specifications and code samples from the official AP2 Protocol domain (ap2-protocol.org) and GitHub to assist in implementation.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes external documentation which could contain malicious instructions.
      • Ingestion points: The skill fetches data from ap2-protocol.org/specification/ and ap2-protocol.org/topics/core-concepts/, and performs web searches on GitHub (SKILL.md).
      • Boundary markers: Not present; the agent is not instructed to use delimiters to separate fetched data from system instructions.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which could be exploited if malicious content is processed (SKILL.md).
      • Sanitization: Not present; there are no instructions to validate or filter the external documentation before it enters the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:09 AM