dotnet-middleware-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface. The `RequestLoggingMiddleware` and response manipulation patterns ingest untrusted data from `context.Request.Body`. While no malicious behavior is present, these patterns demonstrate how an agent might process raw user-controlled input.
  - Ingestion points: `SKILL.md` contains code snippets (e.g., `RequestLoggingMiddleware`, `TenantMiddleware`) that read data directly from HTTP headers (`X-Tenant-Id`) and the request body stream.
  - Boundary markers: Absent; the code snippets provide functional logic without explicit delimiters for the data being logged or processed.
  - Capability inventory: The middleware snippets demonstrate logging (`_logger.LogDebug`), database access (`TenantDbContext`), and modification of the response body stream.
  - Sanitization: The example code does not include sanitization or validation of the ingested request body before logging or processing, which is standard for architectural examples but represents a surface for indirect injection if used in a downstream LLM context.