Skills
skills/jg-chalk-io/nora-livekit/moai-lang-csharp/Gen Agent Trust Hub

moai-lang-csharp

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official .NET installation script from Microsoft's trusted domain.
  • Evidence: wget https://dot.net/v1/dotnet-install.sh in reference.md.
  • [REMOTE_CODE_EXECUTION]: Instructions describe making the downloaded .NET install script executable and running it.
  • Evidence: chmod +x dotnet-install.sh and ./dotnet-install.sh in reference.md.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run dotnet CLI commands for project lifecycle management.
  • Evidence: Commands such as dotnet new, dotnet build, and dotnet test are documented for use via Bash.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to the processing of untrusted external data.
  • Ingestion points: The UserService.FetchUserDataAsync method in examples.md retrieves content from jsonplaceholder.typicode.com.
  • Boundary markers: No delimiters or safety instructions are used to wrap the remote content before it is processed by the agent.
  • Capability inventory: The skill has access to the Bash tool, which can execute system-level commands if the agent is manipulated by remote content.
  • Sanitization: The provided code examples lack validation or sanitization of the JSON data returned from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 05:14 PM