dotnet-backend
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instruction override, safety bypass, or role-play injection patterns was found. The skill uses standard persona-setting instructions for a development assistant.
- [DATA_EXFILTRATION]: No hardcoded credentials, API keys, or access to sensitive local file paths (e.g., SSH keys, AWS credentials) were found. The provided code templates correctly demonstrate using configuration providers for sensitive values like JWT keys and connection strings.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download and execution of remote scripts (e.g., curl|bash). All referenced libraries are well-known, industry-standard packages in the .NET ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection, as it is designed to interact with external codebases while having high-privilege tool access.
- Ingestion points: The agent processes user-provided .NET source code files and project configurations.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands in processed data are provided.
- Capability inventory: The agent has access to powerful tools including
Bash,Read,Write, andEdit. - Sanitization: No sanitization or validation logic for external content is defined in the skill instructions.
Audit Metadata