dotnet-webapi
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [Secure Coding Practices]: The skill emphasizes the use of sealed records for Data Transfer Objects (DTOs) and explicitly warns against exposing domain entities directly, which is a key defense against over-posting and accidental data exposure.
- [Input Validation]: It provides instructions for enabling explicit validation in minimal APIs and using data annotations, ensuring that incoming request data is verified before processing.
- [Safe Error Handling]: The guidance includes setting up a global exception handler that returns standardized RFC 7807 Problem Details and specifically warns against including raw exception messages that could reveal internal system details.
- [Resource Management]: The skill correctly instructs that a CancellationToken be used across all asynchronous operations, so that resources are properly released if a client disconnects.
- [Trusted References]: All external documentation links point to official Microsoft Learn domains, which are well-known and trusted sources for .NET development.
Audit Metadata