umbraco-tiptap-toolbar-extension
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest data from external documentation via the WebFetch tool.
  - Ingestion points: The workflow explicitly directs the agent to fetch content from docs.umbraco.com and tiptap.dev.
  - Boundary markers: While explicit boundary markers are not used in the workflow description, the targeting of specific, high-trust vendor documentation sites minimizes the risk of adversarial content.
  - Capability inventory: The skill possesses Read, Write, Edit, and WebFetch capabilities, allowing it to read external data and modify the local filesystem.
  - Sanitization: No explicit sanitization is performed, but the primary use case (fetching official docs for code generation) is a low-risk activity within this context.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or access to sensitive system paths (e.g., SSH keys, env files) were found. Network activity is limited to fetching documentation from trusted domains.
- Unverifiable Dependencies (SAFE): The code templates reference standard industry packages (@umbraco-cms/backoffice and @tiptap/core) and do not attempt to install or execute untrusted third-party code.
Audit Metadata