azure-eventhub-dotnet

The skill consists of two Markdown files: SKILL.md and references/acceptance-criteria.md. Both files primarily serve as documentation and provide code snippets for using the Azure Event Hubs SDK for .NET. No executable scripts or commands are present for the AI to run directly.

1. Prompt Injection: No patterns indicative of prompt injection were found in either file.
2. Data Exfiltration: The skill does not contain any commands or code that would exfiltrate data. The C# code examples demonstrate interaction with Azure Event Hubs and Blob Storage, which is the intended purpose of the SDK, and these operations are not directed to arbitrary or malicious external domains. Sensitive information like connection strings are explicitly advised against hardcoding and are expected to be managed via environment variables.
3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, etc.) were detected in the content of the files.
4. Unverifiable Dependencies: The SKILL.md file instructs users to install several .NET packages using dotnet add package. These packages (Azure.Messaging.EventHubs, Azure.Messaging.EventHubs.Processor, Azure.Identity, Azure.Storage.Blobs, Azure.ResourceManager.EventHubs, Microsoft.Azure.WebJobs.Extensions.EventHubs) are all official Microsoft Azure SDKs. The references/acceptance-criteria.md file also explicitly links to the official Azure SDK for .NET GitHub repository (https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/eventhub). As these are from trusted GitHub organizations (microsoft, Azure), these references are considered informational (INFO) and do not elevate the overall risk.
5. Privilege Escalation: No commands or instructions for privilege escalation (e.g., sudo, chmod 777, service installations) were found.
6. Persistence Mechanisms: No patterns for establishing persistence (e.g., modifying .bashrc, crontab, authorized_keys) were detected.
7. Metadata Poisoning: The metadata fields (name, description, package) in SKILL.md are clean and accurately describe the skill's purpose.
8. Indirect Prompt Injection: The skill describes how to process events from Azure Event Hubs. If an application built using these instructions were to process untrusted data from Event Hubs, there is a theoretical risk of indirect prompt injection if that data is subsequently fed to an AI. However, this is a risk inherent to the data being processed by the application, not a vulnerability within the skill's instructions themselves. This is noted as an informational risk (INFO) for the user to be aware of when building applications based on these instructions.
9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were found.

Overall, the skill is purely instructional and provides safe, best-practice guidance for using a legitimate SDK. The external dependencies are explicitly from trusted sources, and the skill itself does not execute any code.