asynkron-profiler

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the asynkron-profiler tool along with Microsoft's dotnet-trace and dotnet-gcdump utilities from the NuGet package registry.
  • [COMMAND_EXECUTION]: Executes shell commands to build and profile applications, which is necessary for functionality but involves running arbitrary code during the build process.
  • [PROMPT_INJECTION]: The skill processes external diagnostic artifacts (e.g., .nettrace, .speedscope.json) to provide analytical reports, creating a surface for indirect prompt injection.
      • Ingestion points: Artifact files are loaded via the --input flag in SKILL.md.
      • Boundary markers: No specific delimiters or warnings are used to separate untrusted artifact data from instructions.
      • Capability inventory: The skill can execute shell commands, build code, and perform file system operations.
      • Sanitization: The toolchain does not explicitly sanitize or validate the content of the diagnostic artifacts before presentation to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 02:18 AM