umbraco-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill provides a vulnerability surface for indirect prompt injection by combining data ingestion tools with file modification capabilities.
  - Ingestion points: The skill metadata explicitly allows the `WebFetch` tool for external data retrieval and `Read` for local file access (SKILL.md).
  - Boundary markers: Absent. The instructions do not include any markers, delimiters, or specific guidance to the agent to disregard instructions embedded within data retrieved from external URLs or local test files.
  - Capability inventory: The skill is granted `Write` and `Edit` permissions, which allows the agent to modify the local filesystem, potentially creating or altering files based on malicious instructions found in untrusted external content.
  - Sanitization: No sanitization, validation, or filtering of external content is defined.
- [External Downloads] (LOW): The skill is configured with the `WebFetch` capability. Although no malicious URLs are hardcoded, the tool permits the agent to reach non-whitelisted domains, increasing the potential for data exfiltration or ingestion of untrusted payloads.
- [Command Execution] (LOW): The skill documentation suggests several shell commands (e.g., `npm test`, `npm run test:e2e`). If an agent uses these in an environment where arguments or environment variables are sourced from untrusted external content, it could lead to command injection.
Recommendations
- AI detected serious security threats
Audit Metadata