azure-eventgrid-dotnet

The skill consists of two markdown files: SKILL.md and references/acceptance-criteria.md. Both files primarily serve as documentation and provide code snippets for using the Azure Event Grid SDK.

1. Prompt Injection: No patterns indicative of prompt injection were found in either file. The language is instructional and technical.

2. Data Exfiltration: No commands or instructions were found that attempt to exfiltrate sensitive data (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) to external, untrusted domains. The skill describes the use of environment variables for credentials (EVENT_GRID_TOPIC_KEY) and even explicitly warns against hardcoding API keys, promoting good security practices.

3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in the content of either file.

4. Unverifiable Dependencies: The SKILL.md file includes instructions for installing .NET packages using dotnet add package (e.g., Azure.Messaging.EventGrid, Microsoft.Azure.Messaging.EventGrid.CloudNativeCloudEvents, Azure.Identity). These packages are sourced from nuget.org and are part of the official Azure SDKs maintained by Microsoft and Azure, which are listed as trusted external sources. Therefore, this is noted as a LOW/INFO finding for EXTERNAL_DOWNLOADS but does not elevate the overall risk.

5. Privilege Escalation: No commands or instructions were found that attempt to escalate privileges (e.g., sudo, chmod 777, service installations).

6. Persistence Mechanisms: No instructions were found that attempt to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys).

7. Metadata Poisoning: The metadata fields (name, description, package) in SKILL.md are benign and accurately describe the skill's purpose.

8. Indirect Prompt Injection: The skill describes how to process events from Azure Event Grid. As with any system that processes external data, there is an inherent risk that malicious content within these events could be used for indirect prompt injection if the agent were to process them. This is an informational risk related to the domain, not a vulnerability introduced by the skill's instructions themselves.

9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were identified.

Conclusion: The skill is primarily documentation and code examples for a well-known SDK. The instructions for installing dependencies refer to trusted sources. No direct security vulnerabilities were found within the skill's instructions or content.