Skills
skills/finos/morphir-dotnet/aot-guru/Gen Agent Trust Hub

aot-guru

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The aot-test-runner.fsx script uses System.Diagnostics.Process to programmatically execute dotnet build and dotnet publish commands. It further executes the resulting compiled binaries to perform 'smoke tests' using --version and --help arguments.
  • [EXTERNAL_DOWNLOADS]: The included F# diagnostic and analysis scripts (aot-analyzer.fsx, aot-diagnostics.fsx, and aot-test-runner.fsx) utilize the #r "nuget: ..." directive to download and load the System.Text.Json and Argu packages from the official NuGet registry at execution time.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data, specifically build logs and source code, and provides summarized reports to the agent.
  • Ingestion points: aot-analyzer.fsx reads build log files; aot-diagnostics.fsx recursively scans project source files (.cs, .fs).
  • Boundary markers: None identified; input data is processed as raw text without specific delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has the ability to read the file system, execute dotnet CLI commands, and run generated executables.
  • Sanitization: There is no evidence of input sanitization or validation of the content within logs or source files before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:45 PM