ap2-shopping-agent
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a Shopping Agent orchestrator within the AP2 protocol, providing technical documentation and implementation steps for developers.
- [SAFE]: It enforces strict security policies, explicitly forbidding the storage or access of raw payment credentials, PCI data, and unauthorized PII.
- [SAFE]: External communication is limited to fetching protocol specifications and searching for reference implementations on well-known platforms like GitHub.
- [SAFE]: The instructions encourage best practices such as deterministic mandate validation, human-in-the-loop confirmations, and the use of trusted device surfaces for transaction security.
- [SAFE]: The skill outlines an agent that processes untrusted user data, with built-in safety surfaces:
  - Ingestion points: Processes natural language user intent and merchant communications (SKILL.md).
  - Boundary markers: Requires presenting structured understanding and mandates for user confirmation.
  - Capability inventory: Coordinates merchant discovery, evaluation, and tokenized payment relay.
  - Sanitization: Mandates deterministic validation of all generated mandates and discourages autonomous approval beyond intent bounds.