ucp-embedded-checkout

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch the latest protocol specifications and JSON-RPC method definitions from Google's official developer documentation.
  • [SAFE]: The implementation guidance explicitly mandates critical security controls, including strict postMessage origin validation, HTTPS enforcement, iframe sandboxing, and the use of frame-ancestors in CSP to prevent UI redressing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:09 AM
Security Audit — agent-trust-hub — ucp-embedded-checkout