Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-header-apps/Gen Agent Trust Hub

umbraco-header-apps

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes WebFetch to retrieve documentation from docs.umbraco.com. This is a trusted primary source for the skill's stated purpose and does not involve executing remote scripts.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting external web content.
  • Ingestion points: WebFetch tool is used to read content from external URLs in the 'Workflow' section.
  • Boundary markers: Absent. There are no instructions to the agent to treat the fetched content as data only or to ignore embedded instructions.
  • Capability inventory: The agent has access to Read, Write, Edit, and WebFetch tools, which could be misused if the fetched content contained malicious instructions.
  • Sanitization: Absent. The skill does not provide logic to sanitize or validate the external documentation before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:59 PM