coverage-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes dotnet test to run project tests and collect coverage, dotnet tool install to set up ReportGenerator, and git for repository structure detection. It also modifies test projects using dotnet add package to ensure necessary coverage collectors are present.
  • [EXTERNAL_DOWNLOADS]: Fetches dotnet-reportgenerator-globaltool and NuGet packages including coverlet.collector and Microsoft.Testing.Extensions.CodeCoverage from the official NuGet registry, which is a well-known service. These components are required for the skill's core functionality.
  • [PROMPT_INJECTION]: The skill processes and summarizes Cobertura XML files generated during test execution to build a summary report for the agent, representing an indirect prompt injection surface.
      • Ingestion points: coverage.cobertura.xml parsed in Compute-CrapScores.ps1 and Extract-MethodCoverage.ps1.
      • Boundary markers: Absent; data is interpolated into the final report template without specific ignore-instructions delimiters.
      • Capability inventory: Shell command execution (dotnet, git, reportgenerator) and local file system access across all scripts.
      • Sanitization: Data is parsed into structured XML objects before being formatted into the markdown report, reducing the risk of direct command execution via injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:19 AM