aspire
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Multiple files including SKILL.md and references/cli-reference.md instruct the user to execute `curl -sSL https://aspire.dev/install.sh | bash`. This pattern is a high-risk remote code execution vector that bypasses script verification.
- [COMMAND_EXECUTION] (HIGH): The skill recommends using `irm https://aspire.dev/install.ps1 | iex` for Windows installation in references/cli-reference.md and references/deployment.md. This is an unsafe practice equivalent to piped bash execution.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references several external resources and documentation sites (e.g., aspire.dev, github.com/dotnet/aspire). While these are official sources, the automated instructions for direct execution increase the risk profile.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection via the ingestion of documentation and logs.
  - Ingestion points: The `search_docs` and `list_console_logs` tools provided by the MCP server (references/mcp-server.md).
  - Boundary markers: None identified; external data is not explicitly delimited from agent instructions.
  - Capability inventory: Powerful CLI commands like `aspire deploy` and `aspire publish` (references/cli-reference.md).
  - Sanitization: No evidence of input sanitization for data fetched via MCP tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://aspire.dev/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata