ucp-setup

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about implementing a merchant/platform checkout system (UCP). It scaffolds payment-specific components: checkout endpoints (complete/cancel), payments/handlers and processing (credential processing), payment handler configuration, and guidance on storing payment credentials and signing keys. These are not generic developer tools but explicit payment/checkout execution functionality that enable processing transactions, so it grants direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM
Issues
2
Security Audit — snyk — ucp-setup