dotnet-devops
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The skill is comprised entirely of Markdown documentation and templates; it does not contain any executable scripts or binaries.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions and templates that reference various third-party tools and services, including:
- GitHub Actions from community members such as
dorny/test-reporter,EnricoMi/publish-unit-test-result-action, andsoftprops/action-gh-release. - Well-known third-party services like Codecov (
codecov/codecov-action) and Coveralls (coverallsapp/github-action). - External .NET tools and utilities including
nbgv,docfx,git-cliff, anddotnet-reportgenerator-globaltool. - A GitHub CLI extension:
moritztomasi/gh-workflow-validator. - [COMMAND_EXECUTION]: The skill provides templates for CI/CD workflows that execute standard .NET development commands such as
dotnet restore,dotnet build,dotnet test, anddotnet publish. - [COMMAND_EXECUTION]: One template includes a localized Python snippet used for parsing XML coverage results via
python3 -cwithin an Azure DevOps pipeline step. - [INDIRECT_PROMPT_INJECTION]: The skill demonstrates logic for detecting repository indicators (e.g., checking for the existence of
.github/orazure-pipelines.yml) and reading metadata fromversion.jsonto guide its automation templates. - Ingestion points: File system indicators (directory and file existence) and
version.jsoncontent. - Boundary markers: Standard YAML and JSON structure used for template interpolation.
- Capability inventory: The templates perform file system operations, subprocess calls (
dotnet,bash), and network operations (pushing to NuGet or Docker registries). - Sanitization: Not applicable as the skill provides static templates for user implementation.
Audit Metadata