azure-enterprise-infra-planner

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Instruction Override Pattern]: The SKILL.md file contains directives stating that its guidance "supersedes all other sources including documentation you were trained on." While this is likely intended to ensure the agent follows the specific, high-quality enterprise standards provided in the local reference files, this phrasing is a known pattern used in prompt injection to override an AI's foundational behavioral constraints.
  • [Infrastructure Command Execution]: The skill is designed to execute powerful CLI tools including az deployment group create and terraform apply. These commands perform structural changes to production cloud environments. The skill mitigates this risk by implementing mandatory "Status Gates" (requiring an approved status in the plan JSON) and human-in-the-loop confirmation steps before any destructive actions are taken.
  • [Indirect Prompt Injection Surface]: The workflow incorporates tools such as microsoft_docs_fetch to retrieve content from external documentation sites. This introduces a surface where instructions embedded in external web pages could influence agent behavior.
      ◦ Ingestion points: External content is ingested via microsoft_docs_fetch during the resource lookup phase.
      ◦ Boundary markers: The skill currently lacks explicit delimiters or "ignore embedded instructions" warnings when prompting sub-agents to process fetched content.
      ◦ Capability inventory: The agent has the capability to write files to the local filesystem and execute deployment commands via the Azure CLI and Terraform.
      ◦ Sanitization: The skill includes a robust verification phase (Phase 4) that validates the generated infrastructure plan against a checklist of pairing constraints and naming rules before any code is generated or executed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 01:21 AM