azure-communication-common-java
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill consists of three Markdown files: SKILL.md, references/acceptance-criteria.md, and references/examples.md. All files primarily serve as documentation and provide code examples for using the Azure Communication Services Common SDK for Java. No executable scripts or direct commands are present within the skill's instructions. The code snippets are illustrative and demonstrate standard, secure practices for SDK usage.
- Prompt Injection: No patterns indicative of prompt injection attempts were found across any of the files. The language used is instructional and technical, without any manipulative phrases or attempts to override AI behavior.
- Data Exfiltration: No direct commands or code snippets designed to exfiltrate sensitive user data were detected. The examples demonstrate how to handle user tokens, but explicitly warn against logging or exposing them (e.g., "Never log or expose full tokens" in Best Practices). While references/examples.md shows an example of an HttpClient making a network request to a tokenEndpoint, this is for the legitimate purpose of fetching a new token as part of the SDK's functionality, not for exfiltrating local data to an attacker-controlled server. The tokenEndpoint is a variable that would be configured by the user.
- Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were found in any of the files. All content is presented in clear, readable plaintext.
- Unverifiable Dependencies: The skill references a Maven dependency: com.azure:azure-communication-common. This dependency belongs to the com.azure group, which is part of the azure GitHub organization, a recognized trusted external source. Other libraries like com.fasterxml.jackson.databind are also standard and widely used. These are library references for compilation, not direct script downloads or executions. Given the trusted source, this is not considered a security risk in this context.
- Privilege Escalation: No commands or instructions that would attempt to escalate privileges (e.g., sudo, chmod 777, service installations) were found.
- Persistence Mechanisms: No patterns for establishing persistence (e.g., modifying .bashrc, creating cron jobs, systemd services) were detected.
- Metadata Poisoning: The metadata fields (name, description) in SKILL.md are benign and accurately describe the skill's purpose. No malicious instructions were hidden in metadata.
- Indirect Prompt Injection: The skill itself is documentation and does not process external, untrusted user input in a way that would make it susceptible to indirect prompt injection.
- Time-Delayed / Conditional Attacks: No conditional logic designed to trigger malicious behavior based on time, usage, or specific environmental factors was found.
Overall, the skill is purely descriptive and provides code examples for using a legitimate SDK. It adheres to good security practices by warning against token exposure and suggesting the use of environment variables. The external dependencies are from trusted sources and are standard for Java development.
- Contains 1 malicious URL(s) - DO NOT USE