Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-preview-app-provider/Gen Agent Trust Hub

umbraco-preview-app-provider

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill directs the agent to fetch untrusted external content and use it to perform file system operations.
  • Ingestion points: The workflow explicitly mandates fetching content from docs.umbraco.com using the WebFetch tool.
  • Boundary markers: No boundary markers or instructions to treat external content as data are present. The agent is primed to follow instructions found within the documentation.
  • Capability inventory: The skill allows Write, Edit, and WebFetch tools, creating a path from remote content to local code modification.
  • Sanitization: There is no requirement for the agent to sanitize or validate the external content before using it to generate manifests and element implementations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:42 PM