dotnet-mstest
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by design, as it prioritizes and executes commands found in the local configuration file.\n
- Ingestion points: The skill reads the nearest
AGENTS.mdfile within the repository to identify and execute the repo's realtestcommand.\n - Boundary markers: No delimiters or boundary markers are present to isolate the external input from the agent's execution logic.\n
- Capability inventory: The skill possesses the capability to execute shell commands via
dotnet test,dotnet add, andrg(ripgrep).\n - Sanitization: No sanitization, validation, or human-in-the-loop verification is mentioned for the commands extracted from
AGENTS.md.\n- [COMMAND_EXECUTION]: The skill relies on shell commands for its core functionality of managing and running .NET tests.\n - Evidence: The skill explicitly uses
dotnet test,dotnet add package, andrgto perform project analysis and testing tasks.
Audit Metadata