Back to skill

Security audit

Dotnet Expert

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent .NET development guidance skill with broad activation triggers but no evidence of hidden, destructive, or data-stealing behavior.

Install if you want a .NET-focused coding assistant. Be aware it may activate on general C# or migration discussions, so review its advice like any generated development guidance before running commands or applying code changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad and includes common terms such as '.NET', 'dotnet', 'ASP.NET', 'controller', 'migration', and 'Result pattern', which can cause the skill to activate in unrelated contexts. Overbroad activation increases attack surface by invoking this skill unexpectedly, potentially overriding a more appropriate skill or injecting specialized instructions into benign conversations.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
97% confidence
Finding
The single trigger 'C#' is especially broad and likely to match many unrelated requests, causing accidental skill activation. In an agent system, this can lead to misrouting, unnecessary instruction loading, and greater exposure to adversarial prompt interactions through an overly eager specialist skill.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.