dotnet-test

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to execute 'dotnet test' and 'dotnet watch test' commands. These commands compile and run code within the project directory, which is the intended behavior for a testing skill but introduces a risk if the code being tested is untrusted.
  • EXTERNAL_DOWNLOADS (LOW): The skill provides instructions to install 'dotnet-reportgenerator-globaltool' via the .NET CLI. This installs a third-party package from an external registry. Although it is a standard tool in the .NET ecosystem, it is classified as an unverifiable external download according to the analysis protocol.
  • PROMPT_INJECTION (LOW): The skill presents a surface for indirect prompt injection (Category 8) because it reads and analyzes external data such as project files (.csproj), configuration (.runsettings), and test output using tools like Read and Grep. Evidence: 1. Ingestion points: .csproj and .runsettings files; 2. Boundary markers: None present; 3. Capability inventory: Bash tool usage for command execution; 4. Sanitization: No explicit filtering or validation of file contents is mentioned.
  • DATA_EXFILTRATION (SAFE): No hardcoded secrets, credentials, or patterns of sensitive data exfiltration (such as targeting SSH keys or environment variables) were detected in the skill files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:34 PM