Skills
skills/orcaqubits/agentic-commerce-skills-plugins/ucp-discount/Gen Agent Trust Hub

ucp-discount

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted discount codes that enter the agent's context during the checkout process.
  • Ingestion points: Discount code strings submitted by the buyer or agent in the checkout update (SKILL.md).
  • Boundary markers: The instructions do not define boundary markers or explicit warnings for the agent to ignore instructions that might be embedded within the discount code strings.
  • Capability inventory: The skill allows the use of powerful tools including Bash, Write, Edit, and WebFetch (SKILL.md).
  • Sanitization: No sanitization or validation of the input strings is mentioned beyond standard business logic validation.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use WebSearch and WebFetch to retrieve live specifications and schema details from the ucp.dev domain to guide implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:09 AM