Skills
skills/rudironsoni/dotnet-harness-plugin/dotnet-build-analysis/Gen Agent Trust Hub

dotnet-build-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the Azure Artifacts Credential Provider using shell scripts hosted on Microsoft's official aka.ms domain.
  • [COMMAND_EXECUTION]: Provides various CLI patterns for diagnosing NuGet sources and environmental issues, including the use of dotnet nuget, ls, and executing downloaded shell/PowerShell scripts.
  • [PROMPT_INJECTION]: The skill is designed to interpret MSBuild output, which creates a surface for indirect prompt injection if the build logs contain malicious instructions intended to influence the agent's next steps.
  • Ingestion points: MSBuild error messages, warning strings, and NuGet restore logs processed by the agent.
  • Boundary markers: None specified in the documentation.
  • Capability inventory: Suggested execution of dotnet CLI tools and installation of credential providers via curl | bash or iex patterns.
  • Sanitization: No explicit sanitization or validation of the input logs is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 09:29 PM