ucp-embedded-checkout
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill instructs the host to load the merchant's continue_url in a sandboxed iframe and to parse JSON-RPC postMessage events from that third-party page (see "When Embedded Checkout Is Used" and "Platform (host)"), meaning merchant-controlled/untrusted content can directly drive credential requests and checkout actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is specifically and explicitly about embedded checkout/payment handling. It defines JSON-RPC methods such as ec.payment.credential_request and ec.payment.instruments_change_request and instructs the host to "handle ec.payment.credential_request by invoking the payment provider" and to delegate payment credential acquisition. This is not a generic automation tool — it is a checkout/payment integration that directly interfaces with payment providers and manages payment credentials, so it entails direct financial execution capability.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata