dotnet-tooling
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Azure Artifacts Credential Provider from a trusted Microsoft domain (aka.ms) as part of standard developer environment configuration.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill ingests untrusted data from the user's workspace (including .csproj, .sln, global.json, Program.cs, and GitHub Action YAML files) using shell commands and a dedicated Python analysis script.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to prevent it from obeying commands that might be maliciously embedded within the analyzed project files or metadata.
- Capability inventory: The agent is granted capabilities to read repository metadata and source code, execute a local Python script for deep analysis, and provide recommendations for significant code and build system modifications.
- Sanitization: Content read from the local repository is processed by the agent without any prior sanitization or filtering logic.
Audit Metadata