Skills
skills/jeongheonk/c-sharp-custom-marketplace/csharp-tdd-develop/Gen Agent Trust Hub

csharp-tdd-develop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill interpolates user-provided $ARGUMENTS directly into the instructions for a sub-agent. A user could provide a crafted description that overrides the sub-agent's logic or forces it to perform unintended file operations.
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface via project metadata.
  • Ingestion points: The scripts/test-detector.js script reads and extracts package names from .csproj files within the user's workspace.
  • Boundary markers: Absent. The output of the detector script is presented directly to the orchestrator agent without sanitization or delimiters.
  • Capability inventory: The agent has Bash, Write, Edit, and Task capabilities, which are high-impact if manipulated.
  • Sanitization: None. The skill assumes the contents of .csproj files are legitimate XML/metadata.
  • COMMAND_EXECUTION (LOW): The skill uses Bash(dotnet test *). While essential for the primary purpose (TDD), executing tests on untrusted projects can lead to arbitrary code execution if the test suites contain malicious setup code or life-cycle hooks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:16 PM