Skills
skills/umbraco/umbraco-cms-backoffice-skills/package-script-writer/Gen Agent Trust Hub

package-script-writer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill installs the PackageScriptWriter.Cli package globally via dotnet tool install. This package is not from a trusted source (as defined in the security policy), posing a risk of executing unverified external code during setup.
  • Dynamic Execution (MEDIUM): The skill utilizes the psw tool with the --auto-run flag, which generates a full installation script and executes it immediately. Runtime script generation and execution can be exploited if the tool or its inputs are compromised.
  • Indirect Prompt Injection (LOW):
  • Ingestion points: User-provided values for project names (-n), solutions (-s), and packages (-p) are interpolated into shell commands.
  • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the input data.
  • Capability inventory: The agent can execute arbitrary shell commands via the CLI tool and perform network polling via nc.
  • Sanitization: Absent. The instructions do not specify validation or escaping for the input parameters, allowing for potential argument injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:01 PM