dotnet-slopwatch
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends installing the `Slopwatch.Cmd` package (version 0.2.0) from the NuGet registry. This is an unverifiable third-party dependency because the author/organization is not included in the pre-approved trusted list.
- COMMAND_EXECUTION (LOW): The skill executes the `slopwatch` command locally to perform static analysis on source code. This is the intended behavior for the tool's purpose.
- PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface (Category 8) because it reads and processes untrusted local source code and then provides those findings back to the AI agent.
  - Ingestion points: C# source files (.cs), project files (.csproj), and property files (.props).
  - Boundary markers: Absent.
  - Capability inventory: Execution of the `slopwatch` binary and file system reads.
  - Sanitization: Not specified in the skill configuration.
Audit Metadata