ucp-identity-linking

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious instructions, obfuscation, or safety bypasses were found. The skill follows established security practices for OAuth 2.0.
  • [EXTERNAL_DOWNLOADS]: The skill fetches configuration and specifications from official documentation sites (ucp.dev and Google). These sources are considered well-known and trusted for the context of the skill.
  • [PROMPT_INJECTION]: While the skill retrieves external data, which is a potential surface for indirect prompt injection, the specific sources are restricted to authoritative technical documentation.
  • Ingestion points: WebSearch and WebFetch are used to retrieve documentation (SKILL.md).
  • Boundary markers: Absent in the current instructions.
  • Capability inventory: Includes Bash, Write, and Edit (SKILL.md).
  • Sanitization: No specific sanitization logic is implemented for the fetched text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — ucp-identity-linking