reportgenerator

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the dotnet CLI to install the dotnet-reportgenerator-globaltool and run report generation tasks. These operations are standard for .NET development workflows.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data from the repository.
      • Ingestion points: The skill reads various coverage artifact formats (Cobertura, OpenCover, lcov) from the file system (referenced in SKILL.md and references/commands.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content embedded within the coverage files.
      • Capability inventory: The skill utilizes command execution via the dotnet tool and file system write operations (referenced in SKILL.md and references/commands.md).
      • Sanitization: The instructions do not specify any validation or sanitization steps for the coverage data before it is processed and rendered into reports.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:31 PM