dotnet-add-ci
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Uses official GitHub Actions (e.g., 'actions/setup-dotnet', 'actions/checkout') and Azure DevOps tasks from trusted technology providers to facilitate build and test automation.\n- [EXTERNAL_DOWNLOADS]: Suggests the use of a community-maintained GitHub CLI extension ('moritztomasi/gh-workflow-validator') for validating the syntax of generated workflow files.\n- [COMMAND_EXECUTION]: Instructs the agent or user to execute standard .NET CLI commands ('dotnet restore', 'dotnet build', 'dotnet test', 'dotnet pack') which are necessary for project compilation and verification.\n- [PROMPT_INJECTION]:\n
- Ingestion points: The skill detects the hosting platform by checking for the existence of the '.github/' directory or 'azure-pipelines.yml' file in the local repository.\n
- Boundary markers: None present in the platform detection logic.\n
- Capability inventory: The skill has the capability to write YAML configuration files and suggests the execution of local shell commands.\n
- Sanitization: The skill utilizes file existence as a trigger rather than parsing the content of untrusted files, which prevents the interpolation of malicious instructions from the repository into the agent's workflow.
Audit Metadata