ap2-merchant-agent

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch protocol specifications and documentation from ap2-protocol.org. It also suggests performing web searches for sample implementations on GitHub.
  • [PROMPT_INJECTION]: The architecture described in the skill involves processing 'Intent Mandates' from external, untrusted Shopping Agents, which presents a surface for indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context through Intent Mandates received from external Shopping Agents.
    • Boundary markers: The skill does not provide instructions for using delimiters or boundary markers to isolate untrusted mandate content from system instructions.
    • Capability inventory: The agent is configured with access to tools including Bash, Write, Edit, Read, Grep, and Glob.
    • Sanitization: No methods for sanitizing, validating, or escaping the content of incoming mandates are specified in the implementation guide.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:09 AM