Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-granular-user-permissions/Gen Agent Trust Hub

umbraco-granular-user-permissions

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill instructions specify using the WebFetch tool to access documentation on docs.umbraco.com. While these are legitimate sources for the skill's purpose, fetching external content introduces an inherent risk of ingesting unverified instructions.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill demonstrates an attack surface for indirect prompt injection.\n
  • Ingestion points: Untrusted data enters the context via WebFetch on external URLs in the specified workflow.\n
  • Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the fetched content.\n
  • Capability inventory: The skill allows Write and Edit operations, which could be misused if malicious instructions are present in the fetched documentation.\n
  • Sanitization: No sanitization or validation of the external content is described before use in code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:58 PM