test-management

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Input-Driven Command Construction: The skill incorporates user-provided test names and issue URLs into shell commands such as grep and dotnet run. This is a potential indirect prompt injection surface.
      • Ingestion points: User requests parsed in SKILL.md to extract test names and URLs.
      • Boundary markers: The skill lacks explicit delimiter-based boundary markers for user input when it is interpolated into shell commands.
      • Capability inventory: The skill uses grep, dotnet build, dotnet test, and dotnet run (which executes the QuarantineTools utility).
      • Sanitization: The skill relies on the agent's instructions to parse input into a specific structured format (Namespace.Type.Method), which acts as an implicit validation step.
  • Automated Code Refactoring: The skill automates the addition of attributes to source code using a specialized utility. The inclusion of mandatory build and test verification steps provides a safety layer to ensure that code changes are valid and do not introduce compilation errors.
  • Execution of Repository Utilities: The workflow utilizes local utilities found within the repository's tools directory. Running project-specific tools for maintenance tasks is an effective practice that ensures the automation aligns with the project's specific coding and safety standards.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 06:37 PM