umbraco-manifest-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill uses the WebFetch tool to access docs.umbraco.com. While this is an official documentation site, it is not on the specific trusted domain whitelist provided in the security policy.
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection as it ingests content from external documentation. Evidence: 1. Ingestion points: docs.umbraco.com via the WebFetch tool. 2. Boundary markers: The skill does not provide delimiters or instructions to ignore embedded commands in the fetched content. 3. Capability inventory: The skill uses Write and Edit tools, allowing the agent to generate or modify local files based on external input. 4. Sanitization: No sanitization or validation of the fetched documentation is performed.
Audit Metadata