minimal-api-file-upload

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides comprehensive security guidance for developers implementing file uploads:
    • Path Traversal Mitigation: It explicitly warns against using user-supplied filenames and demonstrates generating safe filenames using GUIDs.
    • File Content Validation: It includes code to verify file signatures (magic bytes) for JPEG and PNG formats, ensuring the content matches the declared MIME type.
    • Resource Protection: It correctly identifies and explains how to configure both Kestrel and FormOptions request size limits to prevent DoS attacks.
    • CSRF Protection: It explains .NET 8+'s automatic anti-forgery validation for forms and provides specific warnings against disabling it for cookie-authenticated endpoints.
    • Secure Streaming: It provides an implementation using MultipartReader for handling large files without excessive memory buffering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 10:26 AM