umbraco-quickstart
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted user descriptions to drive a planning phase that has access to high-privilege tools including Bash and file system modification. It lacks boundary markers and sanitization, creating a surface where an attacker can inject instructions to execute malicious code during the build or validation steps. Ingestion: User build description; Capability: Bash execution; Boundaries: Absent; Sanitization: Absent.
- [Remote Code Execution] (HIGH): The skill initiates the installation of plugins from 'umbraco-backoffice-marketplace', which is an unverifiable external source. This allows for the download and execution of arbitrary code at runtime.
- [Credential Exposure] (HIGH): Hardcoded default credentials ('admin@test.com' / 'SecurePass1234') are used in the setup process. While designated for local development, hardcoded passwords in scripts represent an unsafe practice.
- [External Downloads] (MEDIUM): The skill clones repositories from 'https://github.com/umbraco/', which is not on the trusted sources list, and integrates this code into the workspace.
- [Dynamic Execution] (MEDIUM): The workflow involves running 'npm run build' and 'dotnet run' on code that is dynamically created or modified based on external input.
Recommendations
- AI detected serious security threats