Skills
skills/managedcode/dotnet-skills/dotnet-cloc/Gen Agent Trust Hub

dotnet-cloc

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing various command-line tools including cloc, git, and jq. It also includes bootstrap commands for system-level installation using sudo with standard package managers like apt, yum, and dnf.- [EXTERNAL_DOWNLOADS]: Mentions downloading the cloc tool from trusted and well-known sources such as the official NPM registry, Homebrew, Chocolatey, Scoop, and the aldanial/cloc Docker image.- [PROMPT_INJECTION]: The skill processes repository files which presents a surface for indirect prompt injection.
  • Ingestion points: cloc reads filenames and file contents from the local repository during execution.
  • Boundary markers: No explicit delimiters are specified to separate the tool output from other agent instructions.
  • Capability inventory: File system access, network access via git, and command execution for package management.
  • Sanitization: The skill assumes files are standard source code and does not prescribe sanitization of content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 12:41 PM