dotnet-tool-management
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of official
dotnetCLI commands such asdotnet tool install,dotnet tool restore, anddotnet tool run. These are legitimate operations within the .NET development ecosystem used for managing project dependencies and developer utilities. - [EXTERNAL_DOWNLOADS]: The skill describes downloading tools via the standard
dotnet tool installcommand, which fetches packages from the official NuGet registry. This is a well-known and trusted package repository (Microsoft-owned), and the skill does not point to any untrusted or malicious sources. - [PROMPT_INJECTION]: The skill includes instructions for using
.config/dotnet-tools.jsonmanifest files. While these files are external data sources (Category 8 surface), they are a fundamental part of the .NET tool ecosystem. - Ingestion points:
.config/dotnet-tools.jsonvia thedotnet tool restorecommand. - Boundary markers: None (standard CLI behavior).
- Capability inventory:
dotnet tool install,dotnet tool run. - Sanitization: The skill relies on the native security and validation mechanisms of the .NET SDK.
- [SAFE]: No signs of prompt injection, data exfiltration, hardcoded credentials, or obfuscated code were found. The references and examples provided (e.g.,
dotnet-ef,nbgv) are legitimate community-standard tools.
Audit Metadata