Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-sections/Gen Agent Trust Hub

umbraco-sections

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill instructs the agent to fetch and follow instructions from external documentation URLs, which represents a potential attack surface if those external sources are compromised.
  • Ingestion points: External documentation links located under the 'Documentation' header (docs.umbraco.com).
  • Boundary markers: Absent; there are no specific instructions to treat the fetched documentation as untrusted data or to use delimiters.
  • Capability inventory: The skill allows the 'Write' and 'Edit' tools, which would allow an agent to modify local project files based on the fetched (potentially malicious) content.
  • Sanitization: None; the skill does not specify any validation or sanitization steps for the fetched content before it is used to generate code.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:58 PM