aspnet-core
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for generating code from user input, creating an indirect prompt injection surface.
- Ingestion points: User-defined API specifications referenced in SKILL.md and workflows.md.
- Boundary markers: No explicit instructions provided to the agent to delimit untrusted input.
- Capability inventory: Includes Write, Edit, and Bash tools for code implementation and local execution.
- Sanitization: No validation steps are defined for the agent to apply to user-provided data.
- [COMMAND_EXECUTION]: The documentation references standard developer commands such as
dotnet buildandcurlfor local build and test workflows. - [SAFE]: The skill proactively addresses security by providing 'Fix' examples for common anti-patterns like exposing internal error details and configuring permissive CORS when credentials are required.
Audit Metadata