scalar
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection. It instructs the agent to fetch documentation via
mcp__context7__query-docsand describes anOpenApiAggregationServicethat pulls JSON data from remote URLs. - Ingestion points:
mcp__context7__query-docsinSKILL.mdandOpenApiAggregationService.GetAggregatedOpenApiAsync()inreferences/workflows.mdfetch content from external sources. - Boundary markers: Absent. No delimiters are provided to distinguish instructions from fetched data.
- Capability inventory: The skill allows high-privilege tools including
Bash,Write, andEditas declared in theSKILL.mdfrontmatter. - Sanitization: Absent. No validation or filtering is performed on the ingested documentation or API schemas before processing.
- COMMAND_EXECUTION (LOW): The skill utilizes the
Bashtool for standard development tasks such as running services viadotnet runand testing endpoints withcurl. These operations are conducted with appropriate context and do not attempt to escalate privileges or access sensitive system files.
Audit Metadata