dotnet-dependency
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill authorizes a wide range of
dotnetCLI subcommands through theBashtool, includingnuget why,list,package search,add package, andtool. This provides the agent with significant control over the local development environment and project configuration. - [REMOTE_CODE_EXECUTION]: Capabilities such as
dotnet add packageanddotnet tool install/updateare equivalent to remote code execution. NuGet packages can execute code during the build process via MSBuild targets, and .NET tools are arbitrary executable binaries downloaded from external sources. - [EXTERNAL_DOWNLOADS]: The skill is designed to fetch packages and tools from external registries (e.g., NuGet). While typically directed at
nuget.org, theallowed-toolsconfiguration does not restrict the agent from adding untrusted package sources or installing malicious packages if instructed to do so. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. If an agent audits a project containing malicious instructions embedded in
.csprojfiles,nuget.config, or package metadata, it could be manipulated into executing dangerous commands using its availabledotnetandBashcapabilities. - Ingestion points: Project files (
.csproj), package lists, and search results processed viadotnet listandgrep. - Boundary markers: None identified in the prompt instructions to distinguish between data and instructions.
- Capability inventory: The agent can add/remove packages, update tools, and execute shell commands via
Bash. - Sanitization: No sanitization or validation of package IDs or tool names is implemented before execution.
Audit Metadata