ucp
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the ucp binary to perform commerce operations such as catalog search, cart create, and checkout complete. These commands are specific to the skill's stated purpose of facilitating shopping via the Universal Commerce Protocol.
- [PROMPT_INJECTION]: The instructions include specific guidance to the agent to treat untrusted text from merchants and product descriptions as data for the buyer rather than executable instructions, mitigating risks of indirect prompt injection from external content.
- [DATA_EXFILTRATION]: The skill manages user data (e.g., shipping addresses, cart items) and transmits it to merchant endpoints defined by the --business parameter. This data flow is restricted to the necessary context of completing commerce transactions as initiated by the user.
Audit Metadata