researching-azure-ai-sdk
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's required "Delegation Pattern" in SKILL.md explicitly instructs the agent to search and ingest content from public GitHub repositories and public Microsoft docs (e.g., github.com/Azure/azure-sdk-for-net, github.com/microsoft-foundry/foundry-samples, and learn.microsoft.com links), which the agent will read and use to determine API usage and next actions, exposing it to untrusted third-party content that could inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runSubagent pattern explicitly instructs runtime fetching and ingestion of remote repository content (e.g., https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/ai/Azure.AI.Projects, the Azure.AI.Agents.Persistent samples path, and https://github.com/microsoft-foundry/foundry-samples) to produce research outputs, meaning external content would be fetched at runtime and could directly influence agent prompts/responses.