dotnet-inspect
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using dnx dotnet-inspect to interact with .NET libraries and NuGet packages.
- [EXTERNAL_DOWNLOADS]: The skill downloads NuGet packages and platform libraries for inspection and fetches raw source code from external SourceLink URLs using the source --cat command.
- [REMOTE_CODE_EXECUTION]: The skill uses the dnx runner to download and execute the dotnet-inspect tool at runtime. This behavior is consistent with the primary purpose of the skill and the author context.
- [PROMPT_INJECTION]: The skill processes untrusted data from external NuGet packages and SourceLink repositories, which creates a surface for indirect prompt injection. Ingestion points: NuGet package metadata, platform library references, and remote source code files. Boundary markers: The skill uses markdown headers and tables to structure output but does not implement explicit boundary markers to isolate untrusted content from instructions. Capability inventory: The skill can execute dnx commands and perform network-based source code retrieval. Sanitization: No explicit sanitization or validation of external data is specified in the skill instructions.
Audit Metadata