same-day-delivery
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and integration steps for major e-commerce platforms including Shopify, WooCommerce, and BigCommerce.
- [SAFE]: Code snippets for custom delivery implementations follow standard security practices, such as using environment variables for sensitive API credentials.
- [SAFE]: External service references (DoorDash Drive, Uber Direct, Onfleet) target well-known, legitimate technology providers.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface through the ingestion of untrusted customer data (addresses and phone numbers). Evidence: 1. Ingestion points: Customer ZIP and address parameters in custom implementation snippets (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Network requests via DoorDash API (SKILL.md). 4. Sanitization: Absent in provided boilerplate. This surface is inherent to the fulfillment use-case and is handled neutrally as no malicious instructions are present.
Audit Metadata