dotnet-http-client
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks detected. The skill provides legitimate guidance on using .NET IHttpClientFactory for HTTP API consumption.
- [PROMPT_INJECTION]: No evidence of malicious instructions or bypass attempts. Analysis of Indirect Prompt Injection vulnerability surface: 1. Ingestion points: CatalogApiClient methods in SKILL.md reading data via ReadFromJsonAsync; 2. Boundary markers: Absent, uses standard JSON deserialization; 3. Capability inventory: Limited to HTTP client operations, no shell or OS-level execution; 4. Sanitization: Implicitly managed via strongly-typed C# object deserialization.
- [DATA_EXFILTRATION]: No unauthorized data transmission or exposure of sensitive files. Authentication patterns for API Keys and Bearer tokens are implemented using standard .NET abstractions like IConfiguration and IHttpContextAccessor.
- [REMOTE_CODE_EXECUTION]: All implementation code is local and static. No dynamic code execution or fetching of remote scripts from untrusted sources. Referenced packages are official Microsoft extensions.
Audit Metadata