azure-ai-agents-persistent-java

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
NO_CODE
Full Analysis

The skill azure-ai-agents-persistent-java is a descriptive skill providing documentation and Java code examples for interacting with the Azure AI Agents Persistent SDK.

  1. Prompt Injection: No patterns indicative of prompt injection attempts were found in any of the files. The skill's purpose is to guide the generation of Java code, not to be executed as a prompt itself.
  2. Data Exfiltration: No code or instructions were found that attempt to exfiltrate sensitive data. The Java examples demonstrate interaction with Azure services, which is the intended purpose. File uploads are to Azure services, not arbitrary external domains.
  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.
  4. Unverifiable Dependencies: The skill references Maven dependencies (com.azure:azure-ai-agents-persistent and com.azure:azure-identity) and GitHub source code (https://github.com/Azure/azure-sdk-for-java). Both com.azure and Azure are listed as trusted external sources. Therefore, these references are noted as LOW/INFO severity, as they are to well-known, reputable sources.
  5. Privilege Escalation: No commands or instructions were found that attempt to escalate privileges (e.g., sudo, chmod 777).
  6. Persistence Mechanisms: No patterns for establishing persistence (e.g., modifying .bashrc, creating cron jobs) were found.
  7. Metadata Poisoning: The metadata fields (name, description, package) are clean and accurately reflect the skill's content.
  8. Indirect Prompt Injection: The skill provides examples for building applications that interact with AI agents, which inherently involves processing user input that could potentially contain malicious prompts for the agent. However, the skill's own code is Java, which is not directly vulnerable to prompt injection in the same way a shell script or an LLM's system prompt would be. The skill itself does not introduce this vulnerability; it's a characteristic of the domain it operates in.
  9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were found.

The skill promotes good security practices, such as using DefaultAzureCredential for authentication and environment variables for sensitive configuration, and explicitly warns against hardcoding credentials. The code provided is Java, which is not directly executable by the agent as shell commands, but rather serves as a blueprint for code generation.

Given that all identified external dependencies are from trusted sources and no other malicious patterns were found, the skill is considered SAFE.

Audit Metadata

Risk Level: LOW
Analyzed: Feb 13, 2026, 10:24 AM