Skills
skills/rudironsoni/dotnet-harness-plugin/dotnet-ci-benchmarking/Gen Agent Trust Hub

dotnet-ci-benchmarking

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The workflow examples utilize official and trusted GitHub Actions from the actions organization for repository checkout, .NET setup, and artifact management.
  • [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection within the automated PR commenting process.
  • Ingestion points: Benchmark results are read from JSON files (*-report-full.json) in the load_benchmarks function of the compare-benchmarks.py script.
  • Boundary markers: The workflow does not employ boundary markers or instructions to ignore embedded content when generating the PR comment body from the benchmark report.
  • Capability inventory: The skill leverages the actions/github-script action to post content from the benchmark-comparison.md file directly to Pull Request comments.
  • Sanitization: The provided Python script interpolates benchmark names and statistics into a markdown table without sanitization, which could lead to markdown or HTML injection if benchmark metadata is manipulated by an untrusted source.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 09:29 PM