csharp-developer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection attacks. It is designed to ingest and analyze external solution data, such as .csproj files and NuGet configurations, and subsequently generate or modify application code and configuration files. This combination of untrusted data ingestion and significant 'write' capabilities (endpoints, services, and system configuration) constitutes a high-severity risk.
  - Ingestion points: Core Workflow Step 1 in SKILL.md (Reviewing .csproj files and NuGet packages).
  - Boundary markers: Absent; there are no instructions to the agent to distinguish between its own system prompt and instructions that might be embedded in the analyzed code.
  - Capability inventory: The skill provides templates and workflows for writing API endpoints, services, and configuration files (SKILL.md).
  - Sanitization: Absent; no validation or escaping of external content is defined.
- [Metadata Poisoning] (MEDIUM): Misleading metadata is present in the skill description and Knowledge Reference sections. It claims support for C# 14 and .NET 10, versions that have not been released and are currently non-existent. This suggests the skill metadata may be inaccurate or AI-generated without human verification, which could lead to hallucinations or incorrect architectural advice.
Recommendations
- AI detected serious security threats