Skip to content

.NET: Add security information to harness features xml docs#6933

Open
westey-m wants to merge 2 commits into
microsoft:mainfrom
westey-m:dotnet-security-xml-docs
Open

.NET: Add security information to harness features xml docs#6933
westey-m wants to merge 2 commits into
microsoft:mainfrom
westey-m:dotnet-security-xml-docs

Conversation

@westey-m

@westey-m westey-m commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Motivation & Context

  • Help developers understand the risks that they need to mitigate for when integrating with external services and components.

Description & Review Guide

  • Add security information to harness features xml docs

Related Issue

Fixes #

Contribution Checklist

  • The code builds clean without any errors or warnings
  • All unit tests pass, and I have added new tests where possible
  • The PR follows the Contribution Guidelines
  • This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
  • This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

Copilot AI review requested due to automatic review settings July 6, 2026 14:58
@giles17 giles17 added documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs .NET Usage: [Issues, PRs], Target: .Net labels Jul 6, 2026
@github-actions github-actions Bot changed the title Add security information to harness features xml docs .NET: Add security information to harness features xml docs Jul 6, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 76%

✓ Correctness

This PR adds security consideration documentation to XML docs and README files for harness features that extend trust boundaries to external systems. All changes are purely additive documentation (no code logic changes). The XML doc cref references to types and properties (AgentMcpSkillsSourceOptions properties, EnableSensitiveData, JudgeVerdict, AgentSkillsProviderBuilder, CompactionStrategy, SummarizationCompactionStrategy) were verified to point to real, existing symbols. The security guidance accurately describes the trust boundaries and risks of each feature. No correctness issues found.

✓ Security Reliability

This PR adds security consideration documentation (XML doc remarks and README sections) to harness features that interact with external services. All documentation claims have been verified against the actual implementation and are technically accurate. There are no code logic changes, no new dependencies, and no behavioral modifications — only documentation additions. No security or reliability issues identified.

✓ Test Coverage

This PR adds security documentation (XML doc comments and README sections) to various harness features. All changes are purely documentation — no code logic, no new methods, no behavioral changes. Documentation-only changes do not require test coverage, so there are no test_coverage concerns to raise.

✓ Failure Modes

This PR adds security consideration documentation to XML doc comments and README files for various harness features. All changes are purely additive documentation (173 insertions, 3 deletions that are only reformatted existing doc lines). No executable code is modified — only XML /// comments and markdown files. There are no failure modes, silent failures, swallowed exceptions, or operational risks introduced by documentation-only changes.

✓ Design Approach

I found one documentation-level design issue in the new security guidance. The compaction docs now present SummarizationCompactionStrategy as the only strategy that can introduce externally generated replacement content, but ChatReducerCompactionStrategy also trusts arbitrary replacement messages from any supplied IChatReducer, including reducers backed by external services. The rest of the added security notes look aligned with the current implementations.

Suggestions

  • Broaden the compaction security guidance so it covers any strategy that accepts externally generated replacement messages, not just SummarizationCompactionStrategy; ChatReducerCompactionStrategy explicitly delegates to an arbitrary IChatReducer and rebuilds the conversation from whatever reduced messages it returns (dotnet/src/Microsoft.Agents.AI/Compaction/ChatReducerCompactionStrategy.cs:20-23,64-78).

Automated review by westey-m's agents

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens the .NET developer guidance around trust boundaries by adding “Security considerations” to XML docs for several harness/features-related types (skills, MCP skills, compaction, background agents, loop judging, telemetry), and mirrors that guidance in relevant sample READMEs.

Changes:

  • Add security-focused XML doc paragraphs to key extensibility points (skills sources/providers, MCP skill discovery/loading, loop judging, background agents, compaction, and OpenTelemetry sensitive-data capture).
  • Add “Security Considerations” sections to harness- and feature-related sample READMEs to help developers spot opt-in capabilities that expand the trust boundary.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsSource.cs Documents skill sources as a trust boundary and calls out indirect prompt injection / exfiltration risks.
dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsProvider.cs Adds provider-level guidance on source trust and script execution risk.
dotnet/src/Microsoft.Agents.AI/OpenTelemetryAgent.cs Clarifies telemetry pipeline responsibility and sensitive-data opt-in implications.
dotnet/src/Microsoft.Agents.AI/Harness/Loop/AIJudgeLoopEvaluator.cs Documents risks of adding an external judge model boundary; adds a security note on the judge client parameter.
dotnet/src/Microsoft.Agents.AI/Harness/BackgroundAgents/BackgroundAgentsProvider.cs Documents delegation risks when supplying background agents; adds a security note on the agents parameter.
dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs Documents the persistence risk of untrusted summarization output; adds a security note on the chat client parameter.
dotnet/src/Microsoft.Agents.AI/Compaction/CompactionProvider.cs Adds provider-level guidance highlighting summarization as the main risk-bearing strategy.
dotnet/src/Microsoft.Agents.AI.Mcp/Skills/AgentSkillsProviderBuilderMcpExtensions.cs Adds security guidance for opting into MCP skill discovery/loading.
dotnet/src/Microsoft.Agents.AI.Mcp/Skills/AgentMcpSkillsSourceOptions.cs Documents archive limit settings as a safety boundary for untrusted MCP content.
dotnet/src/Microsoft.Agents.AI.Mcp/Skills/AgentMcpSkillsSource.cs Adds security guidance for remote MCP skill content + archive extraction.
dotnet/samples/02-agents/Harness/README.md Adds a consolidated “Security Considerations” overview pointing to relevant samples/types.
dotnet/samples/02-agents/Harness/Harness_Step05_Loop/README.md Adds security notes for the AI judge demo scenario.
dotnet/samples/02-agents/Harness/Harness_Step02_Research_WithBackgroundAgents/README.md Adds security notes about delegating to developer-supplied background agents.
dotnet/samples/02-agents/AgentSkills/Agent_Step06_McpBasedSkills/README.md Adds MCP skill discovery security guidance and archive-limit reminders.
dotnet/samples/02-agents/Agents/Agent_Step18_CompactionPipeline/README.md Adds security notes about summarization-based compaction becoming persistent history.

Comment thread dotnet/src/Microsoft.Agents.AI/Harness/Loop/AIJudgeLoopEvaluator.cs Outdated
Comment thread dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs .NET Usage: [Issues, PRs], Target: .Net

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants