moai-lang-csharp
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute the official .NET installation script from Microsoft's 'dot.net' domain. This is a standard and trusted procedure for environment setup.
- [COMMAND_EXECUTION]: The skill requires the 'Bash' tool to execute 'dotnet' CLI commands for project creation, building, testing, and formatting. It also uses shell commands for SDK management via 'wget' and 'chmod'.
- [PROMPT_INJECTION]: There is a surface for indirect prompt injection due to the integration with 'context7' MCP tools that fetch external documentation at runtime.
- Ingestion points: The agent reads content fetched from 'mcp__context7__get-library-docs' and 'mcp__context7__resolve-library-id'.
- Boundary markers: The skill does not define clear delimiters or 'ignore' instructions for the data retrieved from the documentation service.
- Capability inventory: The skill has authorized access to 'Bash', 'Read', and MCP documentation tools.
- Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded in external documentation content.
Audit Metadata