dotnet-security-owasp
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a security-hardening reference for modern .NET applications. All code snippets demonstrate standard, recommended security practices.
- [PROMPT_INJECTION]: The skill contains no instructions designed to bypass agent safeguards. The instructions provided in the "Agent Gotchas" section are purely defensive and aimed at ensuring the AI generates secure code (e.g., enforcing HTTPS and parameterizing SQL queries).
- [DATA_EXFILTRATION]: No exfiltration patterns or unauthorized network calls were detected. The skill actively guides developers to avoid storing secrets in configuration files and provides patterns for redacting sensitive data (PII/credentials) from logs.
- [REMOTE_CODE_EXECUTION]: The skill explicitly addresses RCE risks by advising against the use of BinaryFormatter and providing validation logic/allow-lists for system process calls (Process.Start).
Audit Metadata