ln-822-nuget-upgrader

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes several .NET CLI commands, such as dotnet build, dotnet test, and dotnet restore, which trigger the execution of code within the project's context.
  • [EXTERNAL_DOWNLOADS]: Installs the dotnet-outdated-tool as a global .NET tool. This tool is a community package hosted on the NuGet registry, which is a well-known service provided by Microsoft.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and processing external XML data from .csproj and .sln files.
      • Ingestion points: Files with .csproj and .sln extensions are discovered and read recursively from the local filesystem (SKILL.md, Phase 1).
      • Boundary markers: The skill does not implement specific boundary markers or instructions to disregard embedded commands when reading package metadata from project files.
      • Capability inventory: The skill has the capability to install tools, modify project configurations, and execute build/test binaries (SKILL.md, Phases 3, 5, 6).
      • Sanitization: No validation or sanitization of the input file content is documented before it is used to determine migration logic or execute commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:39 PM