ubiquitous-language
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill reads external codebase artifacts such as database schemas, API contracts, and domain layer files to build or audit the domain thesaurus.
- Ingestion points: Structural files identified in 'references/generating-thesaurus.md' serve as input sources.
- Boundary markers: The instructions do not specify using delimiters or warnings to ignore embedded instructions in the scanned data.
- Capability inventory: The agent utilizes 'Bash', 'Read', 'Write', and 'Edit' tools to process data and update files.
- Sanitization: There is no mention of validating or sanitizing the input gathered from the codebase.
- [COMMAND_EXECUTION]: The skill utilizes shell commands for codebase analysis and configuration management.
- Employs 'Bash' tools like 'grep', 'find', and 'ls' to identify files and extract domain terms.
- Instructs the agent to update project-specific instruction files like 'CLAUDE.md' or 'GEMINI.md' to persist domain naming rules across different agent sessions.
Audit Metadata