project-setup
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows development best practices by utilizing interactive questionnaires and architectural advisors to customize project generation rather than relying on generic templates.
- [COMMAND_EXECUTION]: The workflow involves executing standard .NET CLI commands such as
dotnet newanddotnet build. These are well-known developer tools and their use here is appropriate for the skill's primary purpose of project setup and migration. - [SAFE]: The health check workflow uses Model Context Protocol (MCP) tools (
get_project_graph,detect_antipatterns,get_diagnostics) to perform semantic analysis of the codebase. These tools provide a structured and restricted interface for reading project information, which is safer than unrestricted file system access. - [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by ingesting and analyzing untrusted codebase data during health checks. However, the risk is minimal as the ingested data is used to generate structured reports and diagnostic counts rather than being directly executed or used to construct high-privilege commands.
Audit Metadata