ucp-setup
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires the agent to web-search and fetch live public resources (e.g., GitHub repos: https://github.com/Universal-Commerce-Protocol/python-sdk and https://github.com/Universal-Commerce-Protocol/js-sdk, ucp.dev spec pages like https://ucp.dev/specification/overview/, and https://developers.google.com/merchant/ucp/guides/ucp-profile), which are untrusted third‑party sources the agent is expected to read and that can materially influence its actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about implementing a merchant/platform checkout system (UCP). It scaffolds payment-specific components: checkout endpoints (complete/cancel), payments/handlers and processing (credential processing), payment handler configuration, and guidance on storing payment credentials and signing keys. These are not generic developer tools but explicit payment/checkout execution functionality that enable processing transactions, so it grants direct financial execution authority.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata