dotnet-version-detection
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the shell command
dotnet --versionto determine the environment's SDK version as a fallback detection method. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external project files.
- Ingestion points: The skill reads data from
.csproj,global.json,Directory.Build.props,.sln, and.slnxfiles. - Boundary markers: No delimiters or instructions to ignore embedded commands within the parsed files are specified.
- Capability inventory: The skill has the capability to execute subprocess commands (e.g.,
dotnet --version). - Sanitization: There is no evidence of validation or sanitization of strings extracted from the XML/JSON project files before they are interpolated into the final report.
Audit Metadata