dotnet-mixed-reality

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and processes data from the physical or network environment, and that data could serve as a vector for indirect prompt injection.
    • Ingestion points: The QRCodeTracker class in references/examples.md reads data from scanned QR codes, and VoiceCommandHandler in references/examples.md processes speech keywords.
    • Boundary markers: The provided code snippets do not include delimiters or instructions to ignore embedded commands within the processed data.
    • Capability inventory: The skill can perform network operations via Azure Spatial Anchors, Azure Remote Rendering, and Photon (shared experiences), as seen in references/examples.md.
    • Sanitization: The examples show no evidence of data sanitization or validation for inputs received from QR codes or voice commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 12:41 PM