dotnet-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow for reading and parsing untrusted project configuration files, creating a surface for indirect prompt injection.
- Ingestion points: The skill specifies loading [skill:dotnet-tooling] to read project TFMs from
.csproj,Directory.Build.props, andglobal.jsonfiles. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within these files are provided in the routing logic.
- Capability inventory: The skill routes queries and influences agent behavior based on the detected project state; it delegates actions to other skills which may have broader system permissions.
- Sanitization: There is no mention of validation or sanitization of the configuration file content before it is used to adapt agent guidance.
- [NO_CODE]: The skill is composed strictly of markdown-based instructions, routing tables, and metadata. It does not include any Python scripts, Node.js code, shell scripts, or compiled binaries, which significantly limits the direct execution of malicious commands or system persistence.
Audit Metadata