ubiquitous-language
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: No malicious patterns, unauthorized file access, or credential harvesting were detected. The skill's functionality is limited to reading conversation history and writing to a hardcoded local file (
UBIQUITOUS_LANGUAGE.md). - [NO_CODE]: The skill consists purely of natural language instructions and Markdown templates. It does not contain or download any scripts, binaries, or external code.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection attack surface as it ingests untrusted data from the conversation history.
- Ingestion points: Reads the current conversation history (SKILL.md).
- Boundary markers: Absent; there are no specific delimiters to separate user conversation from instructions.
- Capability inventory: Limited to reading/writing the
UBIQUITOUS_LANGUAGE.mdfile. - Sanitization: Absent; the agent is not instructed to sanitize or escape content from the conversation before writing to the file.
- Risk Assessment: The risk is minimal because the skill's capabilities are extremely narrow and the YAML frontmatter explicitly includes
disable-model-invocation: true, preventing the agent from calling other tools or services while the skill is active.
Audit Metadata