ap2-payment-processor
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to fetch and follow specifications and code samples from external websites (ap2-protocol.org) and search results (GitHub). Malicious content in these external sources could potentially influence the agent's behavior during implementation.
- Ingestion points: External documentation fetched from ap2-protocol.org and reference implementations found via WebSearch.
- Boundary markers: None identified; the instructions do not include delimiters or warnings to ignore embedded instructions in the fetched data.
- Capability inventory: Bash, Write, Edit, WebFetch, WebSearch.
- Sanitization: No verification or sanitization steps are defined for the external content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill fetches technical specifications from ap2-protocol.org and reference code from the google-agentic-commerce repository. These are appropriate and relevant resources for implementing the specified payment processor role.
Audit Metadata