ucp-identity-linking
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious instructions, obfuscation, or safety bypasses were found. The skill follows established security practices for OAuth 2.0.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and specifications from official documentation sites (
ucp.devand Google). These sources are considered well-known and trusted for the context of the skill. - [PROMPT_INJECTION]: While the skill retrieves external data, which is a potential surface for indirect prompt injection, the specific sources are restricted to authoritative technical documentation.
- Ingestion points:
WebSearchandWebFetchare used to retrieve documentation (SKILL.md). - Boundary markers: Absent in the current instructions.
- Capability inventory: Includes
Bash,Write, andEdit(SKILL.md). - Sanitization: No specific sanitization logic is implemented for the fetched text content.
Audit Metadata