Skills
skills/managedcode/dotnet-skills/migrate-vstest-to-mtp/Gen Agent Trust Hub

migrate-vstest-to-mtp

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external files that could contain malicious instructions.
  • Ingestion points: Solution files (.sln, .slnx), project files (.csproj, Directory.Build.props), configuration files (global.json), and CI/CD pipeline definitions (Azure DevOps and GitHub Actions YAML).
  • Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded instructions when reading these files.
  • Capability inventory: The skill performs file system modifications and executes dotnet CLI commands.
  • Sanitization: Absent; the skill does not define validation or escaping for the content ingested from external files.
  • [COMMAND_EXECUTION]: The skill invokes various .NET CLI commands to verify the environment, build projects, and run tests.
  • Evidence: Uses 'dotnet test', 'dotnet build', 'dotnet watch', and 'dotnet --version'.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install several NuGet packages required for the migration.
  • Evidence: References official Microsoft packages like Microsoft.Testing.Extensions.TrxReport and Microsoft.Testing.Extensions.CodeCoverage, as well as the community package YTest.MTP.XUnit2.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 02:18 AM
Security Audit — agent-trust-hub — migrate-vstest-to-mtp