Skills
skills/umbraco/umbraco-cms-backoffice-skills/umbraco-workspace/Gen Agent Trust Hub

umbraco-workspace

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: The skill utilizes the WebFetch tool to retrieve data from external URLs (docs.umbraco.com) in its primary workflow.
  • Boundary markers: The skill lacks explicit instructions or delimiters to isolate fetched content or warn the agent to ignore embedded instructions within the documentation.
  • Capability inventory: The agent possesses Write and Edit permissions, which are used to generate TypeScript components and modify local .csproj files based on the fetched content.
  • Sanitization: There is no evidence of sanitization or validation performed on the external content before it is interpolated into code generation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:58 PM