template-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (dotnet new search, dotnet new list, dotnet new help) using user-provided strings as arguments. This creates a potential command injection vulnerability where an attacker could provide malicious shell metacharacters in the search keywords to execute arbitrary commands on the host system.
      • Ingestion points: User intent and keywords provided as input in SKILL.md.
      • Boundary markers: Absent; user input is directly passed to the command line.
      • Capability inventory: Subprocess execution via dotnet CLI in SKILL.md.
      • Sanitization: Absent; no instructions are provided to sanitize or escape user-supplied keywords before execution.
  • [EXTERNAL_DOWNLOADS]: The skill uses the dotnet new search command, which fetches template metadata and package information from the NuGet registry (nuget.org). NuGet is a well-known service for the .NET ecosystem, and this behavior is consistent with the skill's stated purpose of project template discovery.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 12:41 PM