ucp-checkout-a2a
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and sample code from official external sources, including Google's A2A protocol specifications and the Universal Commerce Protocol GitHub repository. These are documented resources for implementing the protocol described.
- [INDIRECT_PROMPT_INJECTION]: The requirement to fetch and process external specifications and sample code creates a potential surface for indirect prompt injection.
  - Ingestion points: Content is retrieved from ucp.dev and GitHub using WebSearch and WebFetch tools.
  - Boundary markers: The skill does not provide specific instructions to use delimiters or to ignore potential instructions embedded in the fetched documentation.
  - Capability inventory: The agent is configured with access to tools such as Bash, Write, Edit, WebSearch, and WebFetch.
  - Sanitization: There are no specified steps for sanitizing or validating the content fetched from the external sources.
Audit Metadata