dependency-update

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • External Data Retrieval: The skill fetches version metadata from the official NuGet API. This data is processed using a local Python script snippet to extract version strings. While the use of pipes to an interpreter is noted, the script being executed is static and provided within the skill's own instructions.
  • Software Dependency Management: The bundled MigratePackage.cs script uses dynamic package references to download official Microsoft SDKs (such as Azure.Identity) from the NuGet registry. These are well-known libraries used for authenticating with Azure services.
  • Internal Pipeline Interaction: The skill facilitates the triggering of the dotnet-migrate-package pipeline in Azure DevOps. This process leverages the user's active Azure CLI session, ensuring the agent operates within the security context and permissions of the user.
  • Repository Configuration Management: Instructions include the use of shell utilities like grep and sed to locate and update package versions within Directory.Packages.props and eng/Versions.props. These are standard practices for maintaining large-scale .NET projects.
  • Build Verification: The skill includes steps to verify changes by running local build scripts, helping to ensure that dependency updates do not introduce breaking changes to the repository.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 06:30 PM