ap2-payment-processor

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to fetch and follow specifications and code samples from external websites (ap2-protocol.org) and search results (GitHub). Malicious content in these external sources could potentially influence the agent's behavior during implementation.
  • Ingestion points: External documentation fetched from ap2-protocol.org and reference implementations found via WebSearch.
  • Boundary markers: None identified; the instructions do not include delimiters or warnings to ignore embedded instructions in the fetched data.
  • Capability inventory: Bash, Write, Edit, WebFetch, WebSearch.
  • Sanitization: No verification or sanitization steps are defined for the external content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill fetches technical specifications from ap2-protocol.org and reference code from the google-agentic-commerce repository. These are appropriate and relevant resources for implementing the specified payment processor role.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:09 AM
Security Audit — agent-trust-hub — ap2-payment-processor