dotnet-aot-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection from untrusted project files.
      • Ingestion points: The skill uses Read, Glob, and Grep to inspect project files (.csproj, Directory.Build.props) and source code to identify project types and compatibility (Steps 2 and 6).
      • Boundary markers: No boundary markers or 'ignore' instructions are used to separate the analyzed project data from the agent's logic.
      • Capability inventory: The skill can modify project configuration files (Steps 5 and 6) and executes dotnet build via the Bash tool (Step 7).
      • Sanitization: There is no evidence of sanitization for the project content being read. An attacker could embed instructions in a project's metadata or comments to trick the agent into performing unauthorized actions.
  • COMMAND_EXECUTION (MEDIUM): The skill invokes the dotnet build command on the user's project. While this is a standard operation, if the project files have been maliciously modified (via the injection path mentioned above or pre-existing malicious MSBuild targets), this can lead to arbitrary code execution on the user's machine.
  • EXTERNAL_DOWNLOADS (LOW): The skill references sub-skills like dotnet-source-gen-json and documentation from learn.microsoft.com. While the documentation links are to a trusted source, the repository for the skill itself (https://github.com/im5tu/dotnet-skills) is not in the trusted sources list.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:57 PM