dotnet-update-packages
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the 'dotnet' CLI to list and update packages, which is appropriate for its stated purpose.
- [EXTERNAL_DOWNLOADS] (LOW): The skill downloads and installs packages from NuGet. Since NuGet is a trusted external repository for the .NET ecosystem, the severity is downgraded per the TRUST-SCOPE-RULE.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from .csproj files and CLI outputs which could be influenced by untrusted external sources. Evidence Chain: 1. Ingestion points: .csproj files and 'dotnet package list' JSON output. 2. Boundary markers: Not explicitly used. 3. Capability inventory: 'dotnet package update' and 'dotnet build' execution. 4. Sanitization: None.
Audit Metadata