Skills
skills/viktor-ferenczi/se-dev-skills/se-dev-server-code/Gen Agent Trust Hub

se-dev-server-code

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Prepare.bat script downloads the uv tool from astral.sh and busybox.exe from frippery.org to set up the development environment.\n- [REMOTE_CODE_EXECUTION]: The preparation script installs the ilspycmd dotnet tool globally using the dotnet tool install command.\n- [COMMAND_EXECUTION]: The skill uses subprocesses to execute Python search scripts and BusyBox utilities for indexing and searching the decompiled code.\n- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading decompiled C# files and XML content (ingestion points include files in the Decompiled and Content folders). There are no boundary markers or sanitization processes in place to prevent the agent from following instructions embedded in this untrusted data while it has access to command execution capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:19 PM