auth0-winforms

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to download the Auth0 CLI installation script from the vendor's official GitHub repository (https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh).
  • [REMOTE_CODE_EXECUTION]: The setup guide features a shell script that executes the vendor's CLI installer via curl | sh. This is a documented and standard procedure for setting up the vendor's development tools.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI tools to automate the development workflow, including gh api to fetch the latest release versions, dotnet for package management and building, and the auth0 CLI for tenant and application configuration.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is instructed to read the user's project files (.csproj) and search the codebase using grep to identify existing configurations.
      • Ingestion points: Identifying TargetFramework from .csproj in SKILL.md and running grep on project files in setup.md.
      • Boundary markers: Absent.
      • Capability inventory: External API calls via gh, script execution via curl | sh, and project modification via dotnet and auth0 CLI.
      • Sanitization: Absent.
  • [SAFE]: The skill implements industry-standard security patterns for native desktop applications, specifically the Authorization Code flow with PKCE, and explicitly warns against the use of Client Secrets in native clients.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 11:37 AM