aspire-integration-testing

[Skill Scanner] Natural language instruction to download and install from URL detected This skill is benign in intent (integration-test patterns) and contains no direct malware. However it includes high-risk operational features that can lead to credential or data exposure if misused: notably MCP (Model Context Protocol) which allows AI assistants to read logs/traces and execute commands, the /dev-login test-auth endpoint that mints real tokens, and the recommendation of ASPIRE_ALLOW_UNSECURED_TRANSPORT for debugging. If MCP or test-auth are enabled on non-isolated machines or CI runners, they could be abused to exfiltrate secrets or perform unauthorized actions. Recommendation: treat MCP and test-auth as test-only features, require explicit safeguards (authentication, network isolation, TLS), and avoid enabling insecure transport in shared environments. LLM verification: This document contains legitimate integration-test patterns for Aspire + xUnit and does not contain direct malicious code or obfuscation techniques. Primary security concerns are operational: enabling MCP (AI assistants able to query logs/state and execute commands), a test /dev-login endpoint that issues real auth tokens, and guidance to relax transport security. These features are safe when confined to strongly isolated test environments but dangerous if enabled in CI/shared/prod contexts. Rec