ucp-dev-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks detected in the skill's instructions or metadata. The skill provides legitimate architectural guidance for the Universal Commerce Protocol (UCP).
  • [EXTERNAL_DOWNLOADS]: The skill encourages retrieving protocol specifications from the ucp.dev domain and official GitHub repositories (Universal-Commerce-Protocol). These references are used for standard implementation compliance and architectural guidance.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it instructs the agent to fetch external specifications from the web.
      • Ingestion points: SKILL.md (instruction to fetch live reference for data models).
      • Boundary markers: Absent.
      • Capability inventory: The skill environment allows access to Bash, Write, and Edit tools.
      • Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:09 AM