ubiquitous-language

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the conversation to generate and update a local file.
    • Ingestion points: Processes the entire conversation history in SKILL.md (Process Step 1: "Scan the conversation for domain-relevant nouns, verbs, and concepts").
    • Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions within the domain data.
    • Capability inventory: The skill has file-write and file-read capabilities for UBIQUITOUS_LANGUAGE.md.
    • Sanitization: Absent. There is no requirement to escape or validate the content extracted from the conversation before writing it to the filesystem. An attacker could provide a 'term definition' containing instructions designed to influence the agent or future readers when the file is re-processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 04:38 AM