ucp-embedded-checkout

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill instructs the host to load the merchant's continue_url in a sandboxed iframe and to parse JSON-RPC postMessage events from that third-party page (see "When Embedded Checkout Is Used" and "Platform (host)"), meaning merchant-controlled/untrusted content can directly drive credential requests and checkout actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically and explicitly about embedded checkout/payment handling. It defines JSON-RPC methods such as ec.payment.credential_request and ec.payment.instruments_change_request and instructs the host to "handle ec.payment.credential_request by invoking the payment provider" and to delegate payment credential acquisition. This is not a generic automation tool — it is a checkout/payment integration that directly interfaces with payment providers and manages payment credentials, so it entails direct financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM
Issues
2
Security Audit — snyk — ucp-embedded-checkout