Skills
skills/stuartf303/sorcha/dotnet/Gen Agent Trust Hub

dotnet

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it ingests untrusted external data and has access to sensitive tools.
  • Ingestion points: Untrusted data enters the agent context through the mcp__context7__query-docs tool (SKILL.md).
  • Boundary markers: Absent; there are no instructions to delimit or distrust content returned from external queries.
  • Capability inventory: The skill is explicitly allowed to use Bash, Write, and Edit (SKILL.md frontmatter).
  • Sanitization: Absent; no filtering or validation is applied to fetched content before it influences agent actions.
  • Command Execution (LOW): The skill requests access to the Bash tool. While intended for legitimate .NET CLI operations, it provides an immediate execution vector for instructions injected via external documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 07:14 AM