dotnet-msbuild-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples for using the MSBuild
<Exec>task to run external shell commands, includingdotnet tool run,sqlcmd, andsigntool. These instructions teach the agent how to implement arbitrary code execution within a build pipeline. - [PROMPT_INJECTION]: The guidance on using item metadata (such as
%(Identity)) within shell commands establishes an indirect injection surface. If the agent follows these patterns to build a project containing maliciously named files, it could inadvertently facilitate command injection. - Ingestion points: File system globs (e.g.,
migrations/*.sql) used to populateItemGroupcollections inSKILL.md. - Boundary markers: None; the examples do not suggest delimiters or instructions to ignore embedded commands in file metadata.
- Capability inventory: Includes the
<Exec>task for shell command execution and MSBuild property functions that allow calling .NET static methods (e.g.,System.IO.Path,System.Environment,System.Text.RegularExpressions.Regex). - Sanitization: The skill does not provide guidance on escaping or validating file names/metadata before interpolating them into shell commands.
Audit Metadata