tunit
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the .NET CLI (dotnet test, dotnet run, and dotnet add) to interact with the project's testing infrastructure and dependencies. This is the intended purpose of the skill.
- [PROMPT_INJECTION]: The skill is designed to ingest and execute commands found in the repository's local AGENTS.md file, creating an indirect prompt injection surface. * Ingestion points: AGENTS.md (referenced in SKILL.md Workflow). * Boundary markers: No delimiters or ignore-instructions are used when processing the command from the file. * Capability inventory: The skill has the capability to execute shell commands and install packages. * Sanitization: No sanitization is performed on the command retrieved from the repository file.
- [EXTERNAL_DOWNLOADS]: Reference documentation (references/integration-testing.md) describes the use of the Playwright library to install browser binaries. This involves fetching executable content from official Microsoft infrastructure, which is a well-known and trusted source.
Audit Metadata