dotnet-strong-name-signing

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes PowerShell scripts at runtime using the RSACryptoServiceProvider class. It uses string interpolation to insert parameters like {KEY_SIZE} and {OUTPUT_PATH} directly into a code block for execution.
  • [DATA_EXFILTRATION]: The skill generates .snk files containing private cryptographic keys. While intended for assembly signing, the creation and potential inclusion of these files in source control (as suggested for open-source projects) represents a sensitive data handling risk that users must manage carefully.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists in FORMS.md. The skill derives default values for key_name and output_dir from the local environment using git rev-parse. If a repository or directory name contains shell metacharacters or PowerShell escape sequences, it could influence the script execution in Step 2.
      • Ingestion points: Environment-sourced data via git commands and user-provided text fields in FORMS.md.
      • Boundary markers: None. The values are interpolated directly into the PowerShell script template.
      • Capability inventory: File system write access ([System.IO.File]::WriteAllBytes) and cryptographic key generation.
      • Sanitization: None detected. The skill relies on the agent presenting a summary for user confirmation before proceeding with execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 01:56 PM