ms-incident-response

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected where the skill processes untrusted external data.
      • Ingestion points: The scripts/extract_entities.py script reads and parses user-provided JSON and CSV incident exports.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions that might be embedded within the incident data.
      • Capability inventory: The agent has the capability to execute shell commands via az rest for network-based API queries and has standard file system access.
      • Sanitization: The extract_entities.py script provides a level of sanitization by using regular expressions to extract only specific patterns (e.g., IPs, emails, hashes, URLs), which prevents the direct processing of arbitrary large blocks of unstructured text as instructions.
  • [COMMAND_EXECUTION]: The skill utilizes the az rest command to interact with Microsoft Graph and Entra ID APIs. This execution is within the scope of the skill's primary purpose for performing security investigations and incident response tasks in a Microsoft environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:49 AM