writing-server-code

The provided SKILL.md file is a markdown document detailing code conventions and architectural rationale for Bitwarden's server-side C# development. It serves as a reference guide and does not contain any executable commands, scripts, or instructions that could be interpreted as malicious by an AI agent.

• Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override safety') were found. The use of 'Critical Rules' is in a benign, instructional context.
• Data Exfiltration: The skill does not contain any commands or code that could access sensitive file paths or perform network operations for data exfiltration.
• Obfuscation: No obfuscated content (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) was detected.
• Unverifiable Dependencies: The skill references external URLs (e.g., contributing.bitwarden.com, github.com) for further reading and documentation. These are trusted sources and are merely links, not instructions to download or execute external code or packages. Therefore, they do not pose a risk of unverifiable dependencies.
• Privilege Escalation: No commands for privilege escalation (e.g., sudo, chmod 777) are present.
• Persistence Mechanisms: No commands for establishing persistence (e.g., modifying .bashrc, crontab) are present.
• Metadata Poisoning: The skill's name and description are benign and accurately reflect its content.
• Indirect Prompt Injection: The skill does not process external, untrusted user input, so it is not susceptible to indirect prompt injection.
• Time-Delayed / Conditional Attacks: No conditional logic or time-delayed triggers were found.

Overall, the skill is a static documentation file and presents no security concerns.