umbraco-tiptap-statusbar-extension
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data from external websites and has the capability to modify the local filesystem.
- Ingestion points: The 'Workflow' section (SKILL.md) explicitly instructs the agent to use 'WebFetch' on external URLs (docs.umbraco.com, tiptap.dev) to retrieve documentation content.
- Boundary markers: No delimiters or safety instructions are provided to the agent to distinguish between legitimate documentation and potential malicious instructions embedded within the fetched HTML or markdown.
- Capability inventory: The skill possesses 'Write' and 'Edit' permissions (defined in frontmatter) and is instructed to 'Generate files' based on the fetched data, allowing it to modify the project workspace.
- Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved via 'WebFetch' before it is processed by the agent's reasoning engine.
Recommendations
- AI detected serious security threats
Audit Metadata