dotnet-json-polymorphic
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes `Bash(dotnet:*)` to execute `dotnet build`. While necessary for verification, this allows the agent to trigger the .NET compiler and any associated MSBuild tasks or targets, which could execute malicious code if the project files are compromised.
- [PROMPT_INJECTION] (MEDIUM): High risk of Indirect Prompt Injection (Category 8). The skill reads and processes untrusted source code from the local filesystem to identify candidates for attributes.
  - Ingestion points: Local C# files read via `Read` and `Grep` tools.
  - Boundary markers: None specified; the agent treats the file content as data to be analyzed without explicit delimiters.
  - Capability inventory: `Bash(dotnet:*)` (command execution), `Read` (file access), and implicit file writing/modification capabilities.
  - Sanitization: No sanitization or validation of the extracted code content is performed before the agent uses it to make refactoring decisions.
Audit Metadata