ucp-checkout-rest
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations to retrieve specifications from an external, non-whitelisted domain (ucp.dev). While intended for documentation retrieval, these operations occur outside the trusted domain scope.
- Evidence: Instruction to fetch from 'https://ucp.dev/specification/reference/' in SKILL.md.
- Evidence: Instruction to use 'Web-search site:ucp.dev specification checkout-rest' in SKILL.md.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface by ingesting untrusted content from external URLs to influence agent implementation logic.
- Ingestion points: External web pages and search results fetched via the WebSearch and WebFetch tools as directed in SKILL.md.
- Boundary markers: The instructions contain no delimiters or warnings to disregard instructions found within the fetched external content.
- Capability inventory: The skill has access to sensitive tools including Write, Edit, and Bash (specified in the SKILL.md frontmatter).
- Sanitization: There is no requirement for validation, filtering, or sanitization of the retrieved external content before the agent acts upon it.
Audit Metadata