generate-dto
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection via untrusted local data ingestion.
  - Ingestion points: The skill reads entity definitions from `*.Domain/Entities/` and a prompt template from `.github/prompts/create-entity-dto.prompt.md`.
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are used when processing the entity content or the template.
  - Capability inventory: The skill has the capability to create and modify files (specifically in `*.Application/EntityDtos/`).
  - Sanitization: There is no evidence of sanitization or validation of the content read from the entity files. If an entity class contains hidden instructions (e.g., in a comment or metadata), the agent might execute them instead of generating the DTO, leading to unauthorized file writes or configuration changes.
- [COMMAND_EXECUTION] (LOW): The skill performs filesystem searches and read/write operations. While these are standard for a development tool, they provide the necessary surface for the Indirect Prompt Injection mentioned above.
Recommendations
- AI detected serious security threats