ucp-payment-handlers
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: References official documentation from Google Developers and Shopify, as well as the UCP specification site. These resources are used to provide the necessary context and schemas for implementing payment processing handlers.
- [DATA_EXPOSURE]: Includes specific security instructions for managing payment credentials, explicitly stating that sensitive tokens should only flow from the platform to the business and must never be returned, which serves to prevent accidental data exposure during checkout implementation.
- [PROMPT_INJECTION]: The skill instructs the agent to fetch and process external documentation, which establishes an indirect prompt injection surface where content from those sites could potentially influence agent behavior.
  - Ingestion points: Documentation content fetched via WebFetch and WebSearch from developers.google.com, shopify.dev, and ucp.dev as referenced in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present for the fetched content.
  - Capability inventory: The agent is permitted to perform file system operations (Read, Write, Edit, Grep, Glob) and execute shell commands (Bash).
  - Sanitization: No specific sanitization, validation, or filtering of the retrieved documentation content is described.