dotnet-run-file
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill's primary purpose is executing C# code provided via files or stdin, providing a direct path for arbitrary code execution.
- DATA_EXFILTRATION (HIGH): Examples in the guide demonstrate reading local files (File.ReadAllLines) and making HTTP requests (HttpClient), which can be combined to exfiltrate sensitive data.
- EXTERNAL_DOWNLOADS (MEDIUM): The use of the '#:package' directive allows the runtime to download and execute arbitrary NuGet packages, introducing a supply chain risk.
- COMMAND_EXECUTION (HIGH): The skill directly executes the 'dotnet run' command, which compiles and runs code with the agent's system privileges.
Recommendations
- AI detected serious security threats
Audit Metadata