minimal-api-file-upload
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- Educational Content and Secure Implementation: The skill provides standard coding practices for ASP.NET Core development. The examples focus on secure implementation details, such as configuring size limits to prevent Denial-of-Service (DoS) and using anti-forgery tokens to protect against Cross-Site Request Forgery (CSRF).
- Path Traversal Protection: The skill explicitly warns against using user-provided filenames directly in file paths. It provides code using Guid.NewGuid() to generate safe, unique filenames, which is a standard security measure to prevent path traversal attacks.
- Content Validation: The instructions include a section on validating file content using magic bytes (file signatures) rather than relying solely on file extensions or MIME types, which can be easily spoofed.
- Request Size Management: The analysis identifies that the skill correctly instructs developers to configure both Kestrel body size limits and FormOptions length limits to maintain system stability during file uploads.
Audit Metadata