azure-ai-voicelive-dotnet

================================================================================

✅ VERDICT: SAFE

This skill is documentation for the Azure AI Voice Live SDK for .NET. It does not contain any executable code that would run directly on the agent. The content focuses on installation, authentication, and usage of the SDK, providing code snippets for reference. No active malicious patterns, obfuscation, privilege escalation, or persistence mechanisms were detected within the skill's instructions or code examples.

Total Findings: 3

🔵 LOW Findings: • Unverifiable Dependencies

• SKILL.md Line 12: The skill recommends installing NAudio via dotnet add package. While NAudio is a widely used and reputable audio library, it is an external dependency not explicitly listed in the trusted GitHub organizations. However, given its common use and the context of an audio-related AI skill, this is considered low risk.

ℹ️ TRUSTED SOURCE References: • Trusted External Dependency

• SKILL.md Line 11: The skill recommends installing Azure.Identity via dotnet add package. This package is from the Azure organization, which is a trusted GitHub organization. This is noted as an informational finding. • Credentials Unsafe Example
• references/acceptance-criteria.md Line 47: The acceptance criteria file includes an example of new AzureKeyCredential("sk-hardcoded-key") explicitly labeled as 'INCORRECT: Hardcoded credentials'. While this demonstrates a CREDENTIALS_UNSAFE pattern, it is presented as an anti-pattern and the main SKILL.md explicitly advises against hardcoding API keys. This is noted as an informational finding for educational purposes.

================================================================================