ucp-conformance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's example runs tests with a --simulation_secret=your-secret flag, which instructs embedding a secret as a command-line argument and therefore may require the agent to include secret values verbatim in its output (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and read the public GitHub conformance repository README (https://github.com/Universal-Commerce-Protocol/conformance) to obtain setup instructions and test data, meaning it ingests untrusted, user-hosted third-party content that can materially alter test execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs users to clone and run the conformance test suite from https://github.com/Universal-Commerce-Protocol/conformance at runtime, and that fetched repository is a required dependency whose code is executed (tests), so it constitutes remote code execution risk.