Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-kinds/Gen Agent Trust Hub

umbraco-kinds

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to fetch and process external data from documentation URLs using WebFetch, which introduces a vulnerability surface.
  • Ingestion points: Workflow uses WebFetch on external documentation URLs (docs.umbraco.com).
  • Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted data.
  • Capability inventory: The skill possesses Read, Write, and Edit tools, allowing it to modify the local filesystem based on the fetched content.
  • Sanitization: Absent; the skill does not perform sanitization on the fetched content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:59 PM