aspire
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill utilizes
mcp__context7__query-docsto fetch external documentation, creating an indirect prompt injection surface. External documentation content is untrusted and could attempt to manipulate the agent's behavior. Ingestion points: External documentation data frommcp__context7__query-docs. Boundary markers: No delimiters or ignore-embedded-instruction warnings are present in the skill instructions. Capability inventory: The skill has access to powerful tools includingBash,Edit, andWrite. Sanitization: No evidence of validation or sanitization of documentation content prior to processing. - [Data Exposure & Exfiltration] (SAFE): Code examples for sensitive values like JWT signing keys correctly use variables (e.g.,
jwtSigningKey) instead of hardcoded strings or secrets. - [Command Execution] (SAFE): While the
Bashtool is permitted, the skill does not contain any suspicious shell commands or scripts. All provided examples are standard .NET C# code snippets.
Audit Metadata