Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-menu/Gen Agent Trust Hub

umbraco-menu

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches documentation from several subdirectories of docs.umbraco.com. While these are legitimate documentation sites for the Umbraco CMS, they are external sources not on the predefined trusted list.
  • [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection (Category 8) identified. * Ingestion points: External documentation content is ingested via the WebFetch tool. * Boundary markers: Absent; the workflow does not instruct the agent to distinguish between documentation data and executable instructions. * Capability inventory: The skill is authorized to use Write and Edit tools, allowing it to modify the local filesystem based on the ingested content. * Sanitization: Absent; no sanitization or validation of the fetched web content is performed before it influences the generated output.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:58 PM