skills/kevintsengtw/dotnet-testing-agent-skills/dotnet-testing-advanced-testcontainers-database/Gen Agent Trust Hub
dotnet-testing-advanced-testcontainers-database
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill uses hardcoded passwords to configure local test database containers.
  - Evidence: Strings such as 'testpass' and 'YourStrong@Passw0rd' are found in `templates/postgresql-container-fixture.cs` and `SKILL.md`.
- [COMMAND_EXECUTION]: The provided templates include functionality to load and execute SQL commands from local files.
  - Evidence: The `EnsureTablesExist` method in `templates/dapper-integration-tests.cs` and `templates/mssql-collection-fixture.cs` reads file content using `File.ReadAllText` and executes it via `_connection.Execute(script)` or `DbContext.Database.ExecuteSqlRaw(script)`.
- [PROMPT_INJECTION]: The skill presents an indirect injection surface by ingesting and executing local SQL scripts as database commands.
  - Ingestion points: Reads `.sql` files from the `SqlScripts/` directory (identified in `templates/dapper-integration-tests.cs` and `templates/mssql-collection-fixture.cs`).
  - Boundary markers: Absent; file content is read and interpolated directly into execution methods without delimiters or ignore instructions.
  - Capability inventory: Capability to execute database commands via Dapper's `Execute` and Entity Framework Core's `ExecuteSqlRaw` methods.
  - Sanitization: No validation or escaping is applied to the script content before it is executed against the database.