maui-ai-debugging

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the application under test.
      • Ingestion points: Data enters the agent's context through maui devflow ui tree (UI hierarchy), maui devflow logs (application and console logs), and maui devflow webview snapshot (DOM content from Blazor views).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when presenting this data to the LLM.
      • Capability inventory: The skill possesses significant capabilities including executing shell commands via dotnet, adb, and xcrun, as well as modifying files.
      • Sanitization: There is no mention of sanitizing or escaping the content retrieved from the app before interpolation.
  • [EXTERNAL_DOWNLOADS]: The skill encourages the installation of external development tools from trusted sources.
      • Evidence: Instructions include installing Microsoft.Maui.Cli, androidsdk.tool, and appledev.tools via the dotnet tool command.
      • Context: These are standard, well-known development tools provided by Microsoft and reputable community members.
  • [REMOTE_CODE_EXECUTION]: The skill includes a command to update its own instruction set from a remote source.
      • Evidence: The command maui devflow update-skill is documented as a way to download latest skill files from GitHub.
      • Context: This is a documented administrative feature of the CLI tool used to manage the agent's environment.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 17, 2026, 06:17 AM