checkout
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill collects and transmits sensitive user personally identifiable information (PII), including full shipping address, email, and phone number, to the external endpoint https://checkout-agent.credpay.xyz. While this is the intended function of the checkout skill, it constitutes significant data exposure.
- [PROMPT_INJECTION]: The skill accepts arbitrary product URLs from any online store, creating a surface for indirect prompt injection if the agent parses information from those external sites.
- Ingestion points: Product URL and associated content (SKILL.md).
- Boundary markers: No delimiters or safety instructions are provided to separate external data from the agent's core instructions.
- Capability inventory: Outbound network communication via POST and GET requests and payment authorization capabilities (SKILL.md).
- Sanitization: No sanitization or validation logic for external content is included in the instructions.
Audit Metadata