dotnet-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of natural language prompts and YAML metadata. No scripts, binary files, or shell commands were detected within the source.
- [PROMPT_INJECTION]: The skill includes instructions to analyze project-specific files, which defines an indirect prompt injection surface.
  1. Ingestion points: .csproj, .sln, packages.config, and YAML build definitions.
  2. Boundary markers: None specified in the prompts.
  3. Capability inventory: The agent is instructed to perform project classification, code modernization analysis, and pipeline modification.
  4. Sanitization: No explicit instructions for sanitizing or validating external project data are provided.

  This is a characteristic of the tool's analytical purpose and is not considered a malicious finding.
- [SAFE]: All referenced tools, such as the .NET Upgrade Assistant and NuGet package manager, are official components of the .NET ecosystem.
Audit Metadata