The Agent Skills Directory

Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It is designed to read and analyze external codebases which could contain hidden malicious instructions.
Ingestion points: Uses Read, Glob, and Grep tools to ingest content from .csproj files, NuGet package configurations, and C# source code.
Boundary markers: The instructions do not define clear boundaries or 'ignore' rules for content found within the analyzed files, making it possible for comments in code to influence the agent's behavior.
Capability inventory: The agent has access to Bash, Write, dotnet, and nuget, providing a significant attack surface if an indirect injection is successful.
Sanitization: There is no mention of sanitizing or escaping the content read from files before it is processed by the LLM logic.
Command Execution (SAFE): The skill utilizes tools like Bash, dotnet, msbuild, and nuget. While these allow for arbitrary command execution and package installation, their inclusion is consistent with the primary purpose of a C# developer agent. No patterns of downloading and executing untrusted remote scripts were detected.

csharp-developer