The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (SAFE): The skill templates perform network requests to 'login.microsoftonline.com' to retrieve OpenID configuration and public keys. This is standard for Microsoft Entra ID authentication. Since the source is a trusted identity provider and the content is strictly data, this is considered safe.\n- [DATA_EXFILTRATION] (SAFE): No patterns of data exfiltration or unauthorized sensitive file access were found. The implementation uses environment variables for configuration, following security best practices.\n- [PROMPT_INJECTION] (SAFE): The skill contains no instructions that attempt to override system prompts or bypass safety filters.\n- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns or dynamic code injection methods were found. All dependencies are reputable and versioned libraries.\n- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes JWT tokens. Evidence: 1. Ingestion in 'templates/workers-jwt-validation.ts' via Authorization header; 2. Boundary markers defined by the JWT standard; 3. Capabilities limited to identity and role-based access control; 4. Sanitization via cryptographic verification with the 'jose' library.

azure-auth