dotnet-mcaf-nfr
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified in the skill's logic or reference materials. The external links provided target well-known informational resources and official documentation.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to ingest and analyze untrusted content from the repository. 1. Ingestion points: Reads feature docs, Architecture Decision Records (ADRs), and architecture docs from the repository (SKILL.md). 2. Boundary markers: No explicit delimiters or instructions are provided to separate repository content from agent instructions. 3. Capability inventory: The skill allows the agent to modify code, documentation, and configuration files. 4. Sanitization: No sanitization or validation of ingested repository content is performed.
Audit Metadata