Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-dashboard/Gen Agent Trust Hub

umbraco-dashboard

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill is configured to use WebFetch to retrieve content from docs.umbraco.com and subsequently use Write and Edit tools to generate code files. This represents a vulnerability surface for Indirect Prompt Injection (Category 8).
  • Ingestion points: Content ingested from documentation URLs via WebFetch (e.g., docs.umbraco.com/umbraco-cms/customizing/extending-overview/extension-types/dashboard).
  • Boundary markers: Absent. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded in the external documentation.
  • Capability inventory: Read, Write, Edit, and WebFetch tools are authorized.
  • Sanitization: No sanitization or validation of the fetched external data is specified before it is processed by the agent.
  • [PROMPT_INJECTION] (SAFE): No direct prompt injection, role-play attempts, or 'ignore previous instruction' patterns were found in the skill content.
  • [DATA_EXFILTRATION] (SAFE): No access to sensitive local file paths or hardcoded credentials detected. The network activity is limited to fetching documentation from official sources.
  • [COMMAND_EXECUTION] (SAFE): No shell command execution or dangerous system-level calls are present in the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:48 PM