umbraco-user-profile-app
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). The workflow requires the agent to ingest external content and use it to drive high-privilege operations.
- Ingestion points: Documentation URLs (docs.umbraco.com) accessed via WebFetch.
- Boundary markers: Absent; there are no instructions to delimit or ignore malicious instructions within fetched documentation.
- Capability inventory: The skill possesses 'Write' and 'Edit' permissions, which are used to generate and modify files based on the fetched content.
- Sanitization: Absent; no validation or filtering of external content is performed before use in file generation.
- EXTERNAL_DOWNLOADS (LOW): The skill references and fetches data from external documentation sites. Although these are standard for Umbraco development, they are not within the defined 'Trusted Scope' list, creating a dependency on the integrity of third-party web content.
Recommendations
- AI detected serious security threats
Audit Metadata