ucp-setup

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches external documentation, specifications, and README files from ucp.dev, github.com, and developers.google.com. References to Google's documentation are from a well-known service.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform package installations using pip and npm. It specifically recommends the third-party package fastucp-python and the scoped package @ucp-js/sdk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to fetch content from external URLs (SDK READMEs and protocol specifications) and use that information to guide command execution and file creation.
  • Ingestion points: SKILL.md directs the agent to use WebFetch on URLs from ucp.dev, github.com, and developers.google.com.
  • Boundary markers: Absent. The skill does not provide delimiters or instructions to ignore embedded commands in the fetched content.
  • Capability inventory: The agent has access to Bash, Write, Edit, and Read tools, which can be influenced by the fetched data.
  • Sanitization: Absent. There is no mention of validating or filtering the content retrieved from external sources before use.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:31 AM
Security Audit — agent-trust-hub — ucp-setup