dotnet-coverlet
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read and respect instructions from a local
AGENTS.mdfile, which creates a surface for indirect prompt injection if that file contains malicious directives meant to influence the agent's behavior or command selection. - Ingestion points: Reads
AGENTS.md(documented inSKILL.mdunder compatibility and quick start). - Boundary markers: None explicitly defined to separate instructions in
AGENTS.mdfrom the skill's own logic. - Capability inventory: The skill performs package installations (
dotnet add package), tool installations (dotnet tool install), and command execution (dotnet test,dotnet tool run). - Sanitization: No explicit sanitization or validation of the content found within
AGENTS.mdis described.
Audit Metadata