migrate-nullable-references
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
dotnetCLI for building and testing projects, as well as a local PowerShell script for project scanning. These actions are essential for the skill's stated purpose of C# code migration. - [SAFE]: A security review of
scripts/Get-NullableReadiness.ps1confirms it performs read-only static analysis on the local filesystem. The script contains no network-reaching code, obfuscation, or persistence mechanisms. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing local project files.
- Ingestion points:
Get-NullableReadiness.ps1reads configuration and source code from the local repository. - Boundary markers: None explicitly used in the script's output, though it generates structured data.
- Capability inventory: The skill can modify local files and execute shell commands related to .NET development.
- Sanitization: The script uses Regex and XML parsing to process files, which minimizes the risk of the agent misinterpreting code content as direct instructions.
Audit Metadata