dotnet-file-based-apps
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides documentation for official .NET 10 SDK functionality for running C# code without project files. It follows standard development practices for the .NET ecosystem.\n- [COMMAND_EXECUTION]: The skill describes the use of standard .NET CLI commands (dotnet run, dotnet build, dotnet publish) to manage application lifecycles. These commands are executed within the context of the .NET SDK.\n- [EXTERNAL_DOWNLOADS]: The skill explains the use of the #:package directive to reference NuGet packages. Examples provided use well-known packages such as Serilog, Newtonsoft.Json, and Spectre.Console from official registries.\n- [PROMPT_INJECTION]: The skill describes a mechanism where #: directives in source files act as configuration for the SDK. While this creates a surface for indirect instructions, it is a documented feature of the .NET toolchain.\n
- Ingestion points: .cs source files, app.run.json configuration, and directory-level MSBuild files.\n
- Boundary markers: Directives must be placed at the top of the file before any code.\n
- Capability inventory: The agent uses standard .NET SDK tools to compile and run code.\n
- Sanitization: The skill relies on standard .NET SDK parsing and execution boundaries.
Audit Metadata