dotnet-microsoft-agent-framework
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: A static detector flagged an 'ignore instructions' pattern in `references/official-docs/integrations/ag-ui/security-considerations.md`. Analysis confirms this is a false positive; the string is part of a security tutorial explaining how to prevent such attacks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is an orchestration framework for LLM agents.
  - Ingestion points: User prompts and external data inputs are processed across various executors described in `SKILL.md` and `AGENT.md`.
  - Boundary markers: Present; documentation repeatedly advises treating MCP and A2A services as trust boundaries and using explicit approval steps for tools.
  - Capability inventory: The routing logic in `AGENT.md` supports tools including `Bash`, and the framework supports network and file system access via MCP as described in `mcp.md`.
  - Sanitization: Explicit guidance on input validation and sanitization is provided throughout the reference documentation, particularly in the `security-considerations.md` file.
Audit Metadata