umbraco-notifications
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The content consists entirely of technical instructions for Umbraco development. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like .env or .ssh) were found. The use of the WebFetch tool is directed at official documentation domains (docs.umbraco.com).
- [Obfuscation] (SAFE): The file contains clear-text Markdown and TypeScript. No Base64, zero-width characters, or homoglyphs were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill refers to standard Umbraco Node.js packages (@umbraco-cms/backoffice). There are no commands that download and execute arbitrary scripts or install untrusted packages.
- [Indirect Prompt Injection] (LOW): The skill utilizes the WebFetch tool to ingest external content from docs.umbraco.com. This represents an attack surface for indirect injection if the documentation site were compromised, but as it targets a trusted official source, the risk is categorized as LOW.
- Ingestion points: WebFetch tool used on docs.umbraco.com in the workflow.
- Boundary markers: Absent; the workflow does not specify markers to delimit fetched content.
- Capability inventory: Read, Write, Edit, WebFetch.
- Sanitization: None mentioned.
- [Dynamic Execution] (SAFE): The provided code snippets are static TypeScript examples. There is no usage of eval(), exec(), or runtime code generation.
Audit Metadata