Skills
skills/orcaqubits/agentic-commerce-skills-plugins/ucp-conformance/Gen Agent Trust Hub

ucp-conformance

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to search for and fetch repository contents, including a README and test files, from an external GitHub repository (Universal-Commerce-Protocol/conformance).
  • [REMOTE_CODE_EXECUTION]: The workflow requires the agent or user to execute unverified remote code by cloning a repository, installing dependencies via uv sync, and running Python scripts with uv run. This creates a pathway for executing potentially malicious logic defined in the external source.
  • [COMMAND_EXECUTION]: The skill provides specific shell commands for environment setup and test execution, including parameters that handle secrets and local server URLs.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8c) because it explicitly instructs the agent to fetch and follow 'current setup instructions' from a remote README file. This creates a surface where instructions from the external repository could influence or override the agent's behavior during the testing process.
  • Ingestion points: README content fetched via WebFetch (SKILL.md).
  • Boundary markers: None identified; external instructions are treated as authoritative setup steps.
  • Capability inventory: The agent has access to Bash, Write, Edit, and WebFetch tools (SKILL.md).
  • Sanitization: None mentioned for external content processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM