aspire
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands via the
aspireCLI to manage application lifecycle, deployment, and configuration. These operations are within the stated purpose of the skill for developers working with distributed applications. - [EXTERNAL_DOWNLOADS]: The skill fetches documentation and package information from official repositories and
aspire.dev. These references are to well-known technology domains associated with the .NET ecosystem and represent standard developer operations. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is instructed to read and process potentially untrusted data from application logs and telemetry, while also having access to high-privilege capabilities such as secret management and deployment.
- Ingestion points: The agent reads live data via
aspire logs,aspire otel logs, andaspire describe(as seen in references/monitoring.md). - Boundary markers: No explicit instruction-level boundary markers or delimiters are defined to isolate log content from system instructions.
- Capability inventory: The agent can execute system-altering commands including
aspire secret set,aspire deploy, andaspire startacross multiple references. - Sanitization: There is no evidence of sanitization or filtering applied to external content before the agent processes it for decision-making.
Audit Metadata