azure-cost-estimator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches real-time pricing data from the Microsoft Azure Retail Prices API at prices.azure.com. This is a well-known, unauthenticated official service from the skill author used for its intended purpose of cost estimation.
  • [COMMAND_EXECUTION]: Terminal commands including curl and python3 are used to retrieve and parse JSON data. While automated scanners flagged these as piped execution patterns, manual review confirms that they execute static Python code defined within the skill to process API responses rather than executing remote code.
  • [DATA_EXFILTRATION]: Resource metadata such as SKUs, regions, and service names from user-provided ARM templates are sent to the Azure API. This data transmission is strictly limited to the information required for the pricing lookup and does not include credentials or sensitive system information.
  • [PROMPT_INJECTION]: The skill processes external data (ARM templates), which creates an indirect prompt injection surface. This risk is effectively mitigated by specific instructions to the agent to apply proper URL encoding when constructing shell commands, preventing command injection via malicious template values.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 08:30 PM