umbraco-state-management
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted external data and has the capability to write and edit local files. * Ingestion points: Documentation is fetched from docs.umbraco.com via the WebFetch tool as defined in SKILL.md. * Boundary markers: There are no explicit delimiters to isolate external documentation from agent instructions. * Capability inventory: Write and Edit permissions are granted in the frontmatter, enabling the agent to modify the filesystem based on external input. * Sanitization: No sanitization or validation logic is performed on the ingested content.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill references unverified @umbraco-cms packages and performs network operations on domains outside the trusted provider list defined in policy.
Recommendations
- AI detected serious security threats
Audit Metadata