umbraco-umbraco-element
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No evidence of instructions designed to bypass safety filters or override agent behavior. The workflow is strictly instructional for software development.
- [DATA_EXPOSURE] (SAFE): No hardcoded secrets, API keys, or access to sensitive file paths (~/.ssh, .env) were found.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill uses WebFetch to access official Umbraco documentation (docs.umbraco.com). These are trusted, non-malicious sources required for the skill's primary function.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill exhibits an attack surface by ingesting external web content and writing files, but the risk is mitigated by targeting official vendor documentation.
- Ingestion points: WebFetch is used to retrieve content from docs.umbraco.com.
- Boundary markers: Not explicitly used, but the agent's task is limited to generating specific TypeScript element structures.
- Capability inventory: Includes file writing and editing (Write, Edit) within the project scope.
- Sanitization: The skill relies on standard LLM output safety for code generation based on documentation content.
Audit Metadata