format
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard .NET SDK commands such as `dotnet format` and `dotnet --info`. These are legitimate tools for the intended purpose of formatting code and verifying environment setup.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and processes external files from the repository being analyzed.
  - Ingestion points: `AGENTS.md`, solution/project files, and `.editorconfig` files are read from the repository context.
  - Boundary markers: No specific delimiters or safety instructions are defined to wrap the ingested content.
  - Capability inventory: The skill is capable of executing shell commands via the `dotnet` CLI.
  - Sanitization: No specific sanitization or filtering logic is present for the data read from project files.

  Despite this surface, the skill provides specific guidance to the agent to 'Prefer the SDK-provided dotnet format command instead of inventing custom format scripts,' which acts as a procedural safeguard against malicious instructions embedded in the project files.
Audit Metadata