Security audit

Ucp Checkout A2a

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only guide for building UCP/A2A checkout flows; it discusses sensitive payment data but does not contain executable code, hidden behavior, persistence, or exfiltration.

Before using this skill for real commerce, require explicit user authorization, merchant and spending limits, tokenized payment data where possible, no logging of payment or risk fields, endpoint and Agent Card validation, and pinned versions of any external specs or sample code used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly instructs agents to transmit payment credentials and risk signals, which are highly sensitive data categories, but provides no guidance on minimization, consent, encryption, retention, redaction, or logging controls. In an agent-to-agent commerce context, this omission is dangerous because implementers may pass full payment data or behavioral risk metadata through messages, logs, or third-party transports without adequate safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.