dotnet-debugging
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install and execute an MCP server directly from a third-party GitHub repository (https://github.com/svnscha/mcp-windbg) using uvx. This source is not part of the trusted vendors list and is not explicitly linked to the skill author (novotnyllc), creating a risk of running unverified code.
- [COMMAND_EXECUTION]: The live attach workflow (references/live-attach.md) involves launching cdb.exe with a TCP server listener (-server tcp:port=5005). This exposes the target process to the network, potentially allowing unauthorized access to the debug session if not properly restricted to localhost.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through the data it processes.
  - Ingestion points: Crash dump files (.dmp) and live process memory are read into the agent's context via WinDbg commands (e.g., !pe, !clrstack).
  - Boundary markers: The instructions lack delimiters or warnings to ignore potentially malicious instructions embedded in the string data or exception messages found within the debugged process.
  - Capability inventory: The agent has the ability to execute arbitrary debugger commands (mcp_mcp-windbg_run_windbg_cmd) and generate diagnostic reports based on this untrusted data.
  - Sanitization: There is no documented process for sanitizing or escaping content extracted from memory before it is processed by the LLM, which could allow strings inside a crash dump to influence agent behavior.
Audit Metadata