semantic-kernel

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install the official 'semantic-kernel' Python package and 'Microsoft.SemanticKernel' .NET package from Microsoft. These are trusted libraries from a verified vendor.
  • [PROMPT_INJECTION]: The skill demonstrates prompt templating using '{{$input}}' placeholders. This represents an indirect prompt injection surface where malicious data could influence LLM behavior if the input is not sanitized.
    • Ingestion points: The 'input' parameter in 'TextPlugin' and 'text' parameter in 'ResearchPlugin' (SKILL.md).
    • Boundary markers: None used in the provided prompt examples.
    • Capability inventory: The skill uses 'kernel.invoke_prompt' and 'FunctionCallingStepwisePlanner' to perform AI actions.
    • Sanitization: The examples do not include input validation or escaping before interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 11:09 AM