ilspy-decompile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill directs the agent to ingest and analyze code from untrusted binary files, creating a surface for embedded instructions to influence agent behavior.\n
- Ingestion points: The
dnx ilspycmdtool reads local.dllfiles from various paths including user home directories (~/.nuget/packages/) and project build directories (./bin/Debug/).\n - Boundary markers: Absent. Decompiled source code is presented to the agent's context without explicit delimiters or warnings to ignore embedded logic.\n
- Capability inventory: The skill uses
Bash(dnx:*), allowing the agent to execute any .NET tool commands. It also has read access to the local file system.\n - Sanitization: None. The output of the decompiler is not validated or sanitized before being processed by the agent.\n- Command Execution (LOW): The skill relies on executing system commands through the Bash tool using the
dnxtool runner. While restricted to thednxnamespace, this still grants the agent the ability to interact with the underlying operating system and file system to locate and process binaries.
Audit Metadata