microsoft/assessment
plugins/github-copilot-modernization/skills/assessment/SKILL.md
Run application assessment for a single repository
$ install --global
skillsauthnpx skillsauth add microsoft/github-copilot-modernization assessmentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 6:23 AM158.1s1 file scanned
SKILL.md
- name:
- assessment
- description:
- Run application assessment for a single repository
Application Assessment
This skill performs application assessment for a single repository using AppCAT tools.
When to Use This Skill
Use this skill when you need to:
- Assess a Java or .NET application for cloud readiness and migration issues
- Generate detailed assessment reports with issue analysis and recommendations
- Understand application dependencies, frameworks, and potential migration blockers
What This Skill Does
This skill performs a simplified assessment workflow:
-
Check Project Type and Prerequisites:
- For Java projects: Verify that MCP tools are available ('appmod-precheck-assessment' and 'appmod-run-assessment')
- If these MCP tools are not configured, return immediately with setup instructions
- For .NET projects: Check if .NET SDK is available
- No MCP tools required for .NET assessment
- For Java projects: Verify that MCP tools are available ('appmod-precheck-assessment' and 'appmod-run-assessment')
-
Clean Previous Assessment Data:
- Remove files in
.github/modernize/assessmentfolder to prevent interference with the new assessment - This ensures a clean state before running the assessment
- Remove files in
-
Run Assessment:
- For Java projects: Trigger AppCAT analysis via Assessment MCP server
- Uses 'appmod-precheck-assessment' and 'appmod-run-assessment' MCP tools
- Must specify domain: Pass
domainparameter as "Java Upgrade" or "Migrate to Azure" or both- Example:
appmod-run-assessment --domain "Java Upgrade" --projectPath /path/to/project - Example:
appmod-run-assessment --domain "Migrate to Azure" --projectPath /path/to/project
- Example:
- Auto-detects project configuration
- For .NET projects: Install and run AppCAT directly
- Install:
dotnet tool update dotnet-appcat - Find all .csproj files in the workspace
- Join project paths with semicolons:
projectPaths="project1.csproj;project2.csproj" - Run:
dotnet-appcat analyze $projectPaths --source Solution --target Any --serializer APPMODJSON --code --privacyMode Restricted --non-interactive --report {workspace-path}\.github\modernize\assessment\report.json
- Install:
- Analyzes code for cloud migration issues
- Generates structured assessment data
- Report is stored under
.github/modernize/assessment/directory
- For Java projects: Trigger AppCAT analysis via Assessment MCP server
-
Consolidate Report (Java projects only):
- Search for
report.jsonunder.github/modernize/assessment/subdirectories - Common locations:
.github/modernize/assessment/result/report.json - Copy the latest report to
.github/modernize/assessment/report.json - For .NET projects, the report is already generated at
.github/modernize/assessment/report.json - This consolidated report should be included in the pull request
- Search for
Input Parameters
workspace-path(required): Path to the project to assessdomain(required for Java projects): Assessment domain(s)- For Java projects: Must specify one or both of:
"Java Upgrade"- For Java version and framework upgrade assessment"Migrate to Azure"- For Azure migration readiness assessment- Both domains can be specified:
["Java Upgrade", "Migrate to Azure"]
- For .NET projects: This parameter is not used (automatically handles all assessment types)
- For Java projects: Must specify one or both of:
How to Use
Prerequisites
For Java projects:
- MCP tools must be available: 'appmod-precheck-assessment' and 'appmod-run-assessment'
- If tools are not configured, the skill will return instructions for setup
For .NET projects:
- .NET SDK must be installed
- No MCP tools required - appcat will be installed and run directly via .NET CLI
- The assessment will automatically install
dotnet-appcattool if not already present
Triggering Assessment
Simply express the intent to assess the application. Example prompts:
- "Assess the application"
- "Run assessment for this project"
The assessment process automatically:
- Detects project language and framework
- For Java:
- Uses MCP tools to install and run AppCAT
- Requires domain specification: You must specify which assessment domain(s) to run:
"Java Upgrade"- Analyzes Java version upgrade paths, Spring Boot versions, deprecated APIs"Migrate to Azure"- Analyzes Azure migration readiness, service recommendations- Both domains can be run sequentially by specifying both
- Example:
appmod-run-assessmentwith domain parameter set to"Java Upgrade"or"Migrate to Azure"
- For .NET: Installs dotnet-appcat tool and runs analysis directly
- Executes comprehensive analysis
- Generates report at
.github/modernize/assessment/report.json
Report Consolidation
For Java projects:
- Search for
report.jsonfiles under.github/modernize/assessment/subdirectories - If multiple reports exist, identify the most recently modified one
- Copy the latest report to
.github/modernize/assessment/report.json - Include this consolidated report in the pull request
For .NET projects:
- Report is directly generated at
.github/modernize/assessment/report.json - Include this report in the pull request
Report Output Location
Report location depends on project type:
For Java projects (via MCP server):
- Initially stored under
.github/modernize/assessment/subdirectories - Common locations:
.github/modernize/assessment/result/report.json - Consolidated to:
.github/modernize/assessment/report.json
For .NET projects (direct execution):
- Directly generated at:
.github/modernize/assessment/report.json
Final report location (include this in pull request):
.github/modernize/assessment/report.json
Success Criteria
Assessment is complete when:
- ✅ For Java: MCP server is available (or clear instructions provided if not)
- ✅ For .NET: .NET SDK is available and dotnet-appcat tool is installed
- ✅ AppCAT analysis executes without errors
- ✅ Report generated at
.github/modernize/assessment/report.json - ✅ Report metadata includes assessment tool version, timestamp, and configuration
Troubleshooting
Prerequisites Not Met:
- For Java: Verify MCP tools are available ('appmod-precheck-assessment' and 'appmod-run-assessment')
- Return immediately with setup instructions if tools are not available
- Do not attempt to run assessment without MCP
- For .NET: Verify .NET SDK is installed
- Check with
dotnet --versioncommand - Provide installation instructions if .NET SDK is missing
- Check with
Assessment Failures:
- Unsupported project type (only Java and .NET supported)
- For Java: MCP server communication errors
- For .NET:
- dotnet-appcat tool installation failure
- dotnet-appcat command execution errors
- Invalid project structure or build configuration
Report Generation Issues:
- For Java: No report.json found under
.github/modernize/assessment/subdirectories after MCP execution - For .NET: Report not generated at
.github/modernize/assessment/report.json - Report file is corrupted or invalid JSON
For any failure, provide clear error messages and troubleshooting steps.
Related Skills
microsoft/clarifying-scenarios
development
VerifiedTrustedCommunity
Evaluates whether a user's modernization/rewrite request provides enough scenario context to proceed (e.g., target component library, screenshots, design system for frontend; API contract policy, data migration strategy for backend). Produces a deterministic clarity score, asks the user for missing required fields via a structured form, and writes a canonical `clarification.md` artifact consumed by all downstream agents. Triggers: "clarification gate", "scenario clarification", "elicit missing context", "evaluate prompt completeness", "ask user for screenshots / target library / design system". NOT for: feature specification (use feature-inventory), planning (use creating-implementation-plan), implementation (use implementing-code), or resolving spec-time `[NEEDS CLARIFICATION]` markers (those remain owned by feature-inventory).
12SKILL.mdUpdated Jun 4, 2026
microsoft/appmod-hooks
tools
VerifiedTrustedCommunity
Lifecycle hooks for the modernize-rearchitecture coordinator. Defines hook points, registered actions, and execution rules.
12SKILL.mdUpdated Jun 4, 2026
microsoft/team-charters
development
VerifiedTrustedCommunity
Provides role charters (mission, ownership, core principles, quality bar) for a multi-agent coding team. Each charter defines the role's mission, ownership scope, core principle (boundary constraints), and quality bar. Most roles also include communication rules. Consumed by the coordinator during task decomposition to assign work to the correct role. Triggers: "look up role charter", "what does the architect own", "check role boundaries", "find team roles", "which role handles X", "list agent charters", "role responsibilities". NOT for: task decomposition (use breaking-down-tasks), implementation (use implementing-code), architecture analysis (use analyzing-architecture).
12SKILL.mdUpdated May 14, 2026
microsoft/project-recon
tools
VerifiedTrustedCommunity
Zero-dependency shell recon for any code repository — detect languages, count LOC, and report project scale. Pure POSIX find/wc or PowerShell, no Python or third-party tools required. Triggers: "how big is this project", "what languages", "project sizing", "repo recon", "LOC count", "scope check".
12SKILL.mdUpdated May 14, 2026