umbraco-search-provider

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill workflow involves fetching external data and using it to generate implementation code, creating a Category 8 vulnerability surface.
      • Ingestion points: External URLs via the WebFetch tool (e.g., https://docs.umbraco.com/umbraco-cms/customizing/extending-overview/extension-types).
      • Boundary markers: Absent; there are no instructions to the agent to treat fetched content as untrusted or to use delimiters.
      • Capability inventory: The skill allows the use of Write and Edit tools to generate and modify files based on the untrusted input.
      • Sanitization: Absent; the agent is directed to follow fetched documentation directly for implementation.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill uses WebFetch to download content from docs.umbraco.com. Although this is a legitimate documentation site, it is not on the specific trusted source list. The pattern of fetching external content to drive logic is noted as a low-severity risk in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:59 PM