dotnet-sep
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download the 'Sep' package from NuGet, which is a well-known and standard package registry for the .NET ecosystem.
- [COMMAND_EXECUTION]: The skill provides standard shell commands for package management, such as
dotnet add package Sep. These are routine developer operations. - [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of external data from files and text streams, which constitutes a surface for indirect prompt injection where malicious instructions could be embedded in the data being parsed.
- Ingestion points:
SKILL.md(usage ofFromFile,FromText,FromFileAsync, andFromTextAsyncmethods). - Boundary markers: Absent; the provided code snippets do not demonstrate the use of delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory:
SKILL.md(contains capabilities for file system read and write operations via the library). - Sanitization: Absent; the skill focuses on the library's parsing performance and does not provide logic for sanitizing or validating the content of the data against injection attacks.
Audit Metadata