dotnet-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill consists exclusively of markdown documentation and natural language prompts. It does not include any executable code (Python, JavaScript, shell scripts) or configuration that triggers automated actions.
- [INDIRECT_PROMPT_INJECTION]: The skill instructions direct the agent to analyze external, untrusted data such as `.csproj` files, `packages.config` manifests, and YAML build definitions. This creates a potential surface where an attacker could embed malicious instructions within these files (e.g., in XML comments or metadata) to manipulate the agent's output during the migration analysis.
  - Ingestion points: `.csproj`, `.sln`, `packages.config`, and CI/CD YAML pipeline definitions (found in SKILL.md prompts).
  - Boundary markers: None present in the prompts to separate data from instructions.
  - Capability inventory: No code-execution capabilities are shipped with the skill itself.
  - Sanitization: No sanitization or validation logic is defined in the instructions.
Audit Metadata