dotnet-elastic-apm

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): Insecure Transport Security Configuration. The provided code in Infrastructure/Extensions/ExtensionLogging.cs includes transport.ServerCertificateValidationCallback((a, b, c, d) => true);. This explicitly disables SSL/TLS certificate validation for the connection to Elasticsearch. While often used for local development, this pattern is a major security risk that permits Man-in-the-Middle (MitM) attacks. An attacker on the network could intercept the BasicAuthentication credentials (elasticUser, elasticPass) and all structured log data. Although the Program.cs example includes a check for IsDevelopment(), the presence of this code in the core infrastructure template increases the risk of accidental deployment to production environments.
  • [DATA_EXPOSURE] (LOW): Sensitive Information Handling. While the skill correctly instructs the AI to never log PII or credentials, it suggests a configuration schema where Elasticsearch credentials are stored in appsettings.json. If developers follow this template and check the configuration files into version control without using secure secrets management (like Azure Key Vault or AWS Secrets Manager), it results in credential exposure.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM