dotnet-ci-benchmarking
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the lack of sanitization when processing benchmark results for GitHub PR comments.\n
- Ingestion points: The
compare-benchmarks.pyscript ingests JSON data from the BenchmarkDotNet results directory (benchmarks/BenchmarkDotNet.Artifacts/results).\n - Boundary markers: There are no explicit delimiters or boundary markers used when the benchmark data is processed or when the final Markdown report is generated.\n
- Capability inventory: The skill uses
actions/github-script@v7to post the generated comparison report as a comment on the GitHub Pull Request, which could be interpreted as instructions by the agent or subsequent automated tools if the content is malicious.\n - Sanitization: Benchmark names (
FullNamein the JSON report) are interpolated directly into a Markdown table without any escaping or validation. An attacker could potentially inject Markdown or instructions by crafting a benchmark name in a pull request.\n- [EXTERNAL_DOWNLOADS]: The workflow incorporates official GitHub Actions from a trusted organization.\n - References
actions/checkout@v4,actions/setup-dotnet@v4,actions/upload-artifact@v4,actions/download-artifact@v4, andactions/github-script@v7.\n - These downloads are from the
actionsorganization, which is a trusted vendor and a well-known service provider, and thus do not escalate the security verdict.
Audit Metadata