dotnet-core
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill ingests data from external sources including project memory files such as 'solution_overview.md' and 'api_patterns.md' through the 'memoryStore' interface. While this introduces an indirect prompt injection surface without explicit boundary markers or sanitization, the skill's capabilities are limited to generating documentation in '/claudedocs/' and updating its own state. This pattern is standard for context-aware assistant skills and poses no significant risk.
- [Data Exposure] (SAFE): No hardcoded credentials, API keys, or sensitive local file paths (like SSH keys) were found. The skill correctly handles security topics as abstract guidance.
- [Command Execution] (SAFE): The skill does not execute shell commands, install external packages, or download remote scripts.
Audit Metadata