Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-global-context/Gen Agent Trust Hub

umbraco-global-context

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It explicitly instructs the agent to fetch external content via WebFetch and then generate implementation files based on that content.
  • Ingestion points: Documentation URLs (docs.umbraco.com) are processed at runtime.
  • Boundary markers: There are no instructions to delimit or ignore potential malicious prompts embedded in the fetched documentation.
  • Capability inventory: The agent has Write and Edit permissions, allowing it to commit the (potentially poisoned) generated code to the user's filesystem.
  • Sanitization: No sanitization logic is provided to filter the external documentation before it is used to generate code.
  • EXTERNAL_DOWNLOADS (LOW): The skill relies on external content from docs.umbraco.com. While these are official sources, they are not within the hardcoded trusted provider list, and the retrieval mechanism facilitates the injection risk noted above.
  • COMMAND_EXECUTION (INFO): The skill requests Write and Edit tools. This is appropriate for its stated purpose of generating code files, but it provides the necessary 'write' capability to complete an indirect prompt injection attack chain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:48 PM