dotnet-centralise-packages
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses the `Bash(dotnet:*)` tool to execute `dotnet build` in Step 8. This command is run on project files that were modified based on untrusted content parsed from existing .csproj files, which could contain malicious MSBuild targets or instructions.
- [REMOTE_CODE_EXECUTION] (HIGH): Malicious manipulation of the `Directory.Packages.props` file via untrusted input can result in the execution of arbitrary code during the NuGet restore or build process, particularly if an attacker can influence the package sources or build targets.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Parses untrusted project data in Step 3 and build errors in Step 9.
  - Boundary markers: None.
  - Capability inventory: Includes `Bash(dotnet:*)` for command execution and direct file modification capabilities.
  - Sanitization: No validation, escaping, or filtering is performed on external strings before they are interpolated into project files or displayed to the agent for further action.
Recommendations
- AI detected serious security threats