skills/orcaqubits/agentic-commerce-skills-plugins/ap2-vdc-framework/Snyk

ap2-vdc-framework

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's "Before writing code" steps explicitly instruct fetching live docs from public URLs (https://ap2-protocol.org/specification/, https://ap2-protocol.org/topics/core-concepts/) and web-searching GitHub and community guides, so the agent will ingest untrusted third‑party content that can influence implementation decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 31, 2026, 06:09 AM

Issues

1