domain-events-generator
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DYNAMIC_EXECUTION]: The Outbox processor in `ProcessOutboxMessagesJob.cs` uses `Type.GetType(message.Type)` to resolve types at runtime based on strings from the database. This allows for dynamic assembly loading and type instantiation based on persisted data.
- [DYNAMIC_EXECUTION]: The skill performs dynamic deserialization in `ProcessOutboxMessagesJob.cs` using `JsonSerializer.Deserialize` with a type resolved at runtime. This introduces a risk of unsafe deserialization if the database content is manipulated.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an ingestion surface for untrusted data via the database outbox.
  1. Ingestion points: `ProcessOutboxMessagesJob.cs` reads from the `OutboxMessages` table.
  2. Boundary markers: None present in the provided templates.
  3. Capability inventory: Publishes events via `IPublisher` (MediatR), triggering associated notification handlers which may perform side effects.
  4. Sanitization: No validation is performed on the `Type` or `Content` fields before processing.
Audit Metadata