umbraco-entry-point
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a workflow that ingests untrusted external data via
WebFetchand uses it to generate executable files viaWriteandEdittools.\n - Ingestion points: Documentation URLs (docs.umbraco.com) accessed by the
WebFetchtool as part of the implementation workflow.\n - Boundary markers: None. The skill does not instruct the agent to ignore instructions embedded within the fetched data or provide delimiters to isolate the code generation logic from external input.\n
- Capability inventory: The skill has
Write,Edit, andWebFetchcapabilities, allowing it to create and modify backoffice code that executes in a privileged environment.\n - Sanitization: No sanitization or validation of the fetched documentation is required before it is used to generate code templates.\n- [Remote Code Execution] (HIGH): The skill automates the creation of JavaScript entry points based on external content. This pattern effectively allows for remote code execution if the documentation site is compromised or if the agent is directed to a malicious URL, as the agent will generate and save scripts intended for execution in the Umbraco backoffice.
Recommendations
- AI detected serious security threats
Audit Metadata