umbraco-skill-code-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability. The skill processes untrusted content from all SKILL.md files in the environment. Evidence: (1) Ingestion point: File system glob of SKILL.md files. (2) Boundary markers: Absent. (3) Capability inventory: Bash tool usage, file system write (report generation), and TS compilation. (4) Sanitization: Absent. Malicious snippets can poison the report to influence the agent's downstream logic.
- [REMOTE_CODE_EXECUTION] (HIGH): Unsafe Compilation. The skill uses the 'typescript' package and 'tsx' to compile code blocks extracted from untrusted Markdown files. Compiling arbitrary attacker-controlled code can lead to RCE through compiler exploits or malicious configurations.
- [COMMAND_EXECUTION] (HIGH): Blind Execution risk. The instructions require the agent to run 'analyze-code.ts' via 'npx tsx', but this file is missing from the skill payload. Executing unknown or missing local scripts is a critical security violation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable dependencies. The skill downloads multiple npm packages from non-trusted sources, including '@umbraco-cms/backoffice'.
Recommendations
- AI detected serious security threats