dotnet-aot-analysis
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'dotnet build' command via the Bash tool to verify project compatibility after applying settings. Tool access is appropriately restricted to the 'dotnet' command namespace.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted project data (C# source files and .csproj metadata) using Read, Glob, and Grep. Evidence chain: 1. Ingestion points: Reads solution/project files; 2. Boundary markers: Absent; 3. Capability inventory: Bash (dotnet build) and file modification via AI; 4. Sanitization: Absent. This risk is inherent to the primary purpose of development-time code analysis and is considered safe in this context.
- [SAFE]: The skill includes multiple references to official Microsoft documentation on the learn.microsoft.com domain. These target a well-known and trusted service for technical guidance and do not involve untrusted code execution.