dotnet-exception-handling
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes ripgrep (rg) to perform static analysis on project files such as *.cs, Program.cs, and .csproj. This is a legitimate use of command execution for a code auditing tool.
- [PROMPT_INJECTION]: The skill processes untrusted .NET source code which presents an indirect prompt injection surface. However, the risk is minimized by the use of specific regex patterns for detection and a limited set of automated actions.
  - Ingestion points: Project source files (.cs) and configuration files (.csproj, .sln) specified in Phase 1, Step 1.
  - Boundary markers: No specific boundary delimiters or "ignore embedded instructions" markers are used in the ripgrep search commands.
  - Capability inventory: Execution of rg, file system writes for logging to .claude/runtime/logs/, and GitHub API interaction for issue and PR creation.
  - Sanitization: No explicit sanitization or escaping of the content read from source files is documented before it is processed or reported.
- [SAFE]: References to external documentation point exclusively to trusted vendors like Microsoft and ABP. No obfuscation, persistence mechanisms, or credential theft patterns were detected in the skill's instructions or logic.
Audit Metadata