Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-context-api/Gen Agent Trust Hub

umbraco-context-api

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill instructs the agent to fetch external documentation from docs.umbraco.com via WebFetch. This introduces a potential surface for indirect prompt injection if the external content is compromised.
  • Ingestion points: Workflow step 1 (SKILL.md) fetches documentation from multiple docs.umbraco.com URLs.
  • Boundary markers: Absent; the skill does not specify delimiters or warnings to ignore instructions inside the fetched documentation.
  • Capability inventory: The skill allows Read, Write, Edit, and WebFetch tools.
  • Sanitization: Absent; there is no instruction to validate or filter external content before processing.
  • [Data Exposure & Exfiltration] (SAFE): No credentials, sensitive file paths, or unauthorized network transmissions were detected.
  • [Obfuscation] (SAFE): No Base64, zero-width characters, or other encoding techniques were used to hide instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:55 PM