crap-score
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Local Command Execution]: The skill uses the 'dotnet test' command to collect coverage data. This is a standard part of the .NET ecosystem and is required to calculate the coverage ratio used in the CRAP score formula.
- [Project File Analysis]: The skill analyzes C# source files and parses XML coverage reports. These operations are conducted locally on project files and are necessary for computing cyclomatic complexity and extracting coverage metrics.
- [Indirect Prompt Injection Surface]: The skill processes external data from source files and coverage reports (Step 2 and 3). Although these are untrusted ingestion points and lack specific sanitization or boundary markers, the skill's capabilities are limited to standard testing commands (Step 1), representing a low risk factor.
Audit Metadata