migrate-dotnet8-to-dotnet9
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection Surface]: The skill parses and modifies untrusted user-provided files such as project definitions (.csproj), solution files (.sln), and Dockerfiles. While necessary for the migration process, these files represent a surface where maliciously crafted content could attempt to influence the agent's behavior.
  - Ingestion points: Project/solution files (.csproj, .sln, .slnx), configuration files (Directory.Build.props, Directory.Packages.props, global.json), and Dockerfiles.
  - Boundary markers: The instructions do not define explicit delimiters for content read from external project files.
  - Capability inventory: The agent performs file write operations (XML updates) and executes .NET CLI commands (restore, build, test).
  - Sanitization: The skill does not explicitly describe sanitization of input file content before processing.
- [Command Execution]: The skill uses standard .NET CLI tooling (dotnet build, restore, test) to verify the migration. These operations are performed using official developer tools and follow industry-standard workflows for project upgrades.
- [Proactive Security Guidance]: The migration references include explicit warnings against unsafe practices, such as re-enabling BinaryFormatter, disabling header redaction in HttpClient logs, and suppressing security analyzers (WFO1000). This guidance helps prevent the introduction of common vulnerabilities during the upgrade process.
Audit Metadata