ucp-setup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches external documentation, specifications, and README files from
ucp.dev,github.com, anddevelopers.google.com. References to Google's documentation are from a well-known service. - [COMMAND_EXECUTION]: The skill instructs the agent to perform package installations using
pipandnpm. It specifically recommends the third-party packagefastucp-pythonand the scoped package@ucp-js/sdk. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to fetch content from external URLs (SDK READMEs and protocol specifications) and use that information to guide command execution and file creation.
- Ingestion points:
SKILL.mddirects the agent to useWebFetchon URLs fromucp.dev,github.com, anddevelopers.google.com. - Boundary markers: Absent. The skill does not provide delimiters or instructions to ignore embedded commands in the fetched content.
- Capability inventory: The agent has access to
Bash,Write,Edit, andReadtools, which can be influenced by the fetched data. - Sanitization: Absent. There is no mention of validating or filtering the content retrieved from external sources before use.
Audit Metadata