dotnet-gha-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references official and well-known GitHub Actions including actions/checkout@v4, actions/setup-dotnet@v4, actions/cache@v4, and actions/upload-artifact@v4. These are trusted tools provided by the platform and are used according to security best practices.
  • [COMMAND_EXECUTION]: Example workflows demonstrate standard .NET CLI commands such as dotnet build, dotnet restore, and dotnet test. These commands are integral to the primary purpose of the skill and do not involve untrusted inputs or risky execution methods.
  • [CREDENTIALS_UNSAFE]: The skill provides examples for managing sensitive information using GitHub Secrets (e.g., NUGET_AUTH_TOKEN, CONNECTION_STRING). It correctly demonstrates using placeholders and the secrets: inherit keyword, ensuring that credentials are not hardcoded but managed via the environment's native security features.
  • [PROMPT_INJECTION]: Analysis of the dynamic matrix generation pattern revealed a low-risk architectural surface:
      ◦ Ingestion points: Local .csproj files are parsed via grep and sed in a bash script.
      ◦ Boundary markers: The logic is restricted to specific regex-based file extraction within the repository context.
      ◦ Capability inventory: Extracted values populate a GitHub Actions matrix for running dotnet test jobs.
      ◦ Sanitization: The script uses jq to ensure extracted data is formatted as a valid, structured JSON array, preventing shell injection or data corruption.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 12:10 AM