azure-eventhub-java

The skill consists of three Markdown files: SKILL.md, references/acceptance-criteria.md, and references/examples.md. These files primarily contain descriptive text, installation instructions for Maven dependencies, and Java code snippets demonstrating the use of the Azure Event Hubs SDK.

1. Prompt Injection: No patterns indicative of prompt injection were found. The content is instructional and does not attempt to manipulate the AI's behavior.
2. Data Exfiltration: No commands or code snippets were found that attempt to read sensitive files or exfiltrate data to external, non-whitelisted domains. The Java examples show how to interact with Azure services, but the skill itself does not perform these actions.
3. Obfuscation: No obfuscation techniques (e.g., Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.
4. Unverifiable Dependencies: The skill references Maven dependencies for Azure SDKs (com.azure:azure-messaging-eventhubs, com.azure:azure-identity, com.azure:azure-messaging-eventhubs-checkpointstore-blob). The references/acceptance-criteria.md explicitly links to https://github.com/Azure/azure-sdk-for-java, confirming these are from the trusted Azure GitHub organization. Since the skill itself does not execute installation commands but merely documents them, and the source is trusted, this is not considered a security risk for the skill itself.
5. Privilege Escalation: No commands or instructions for privilege escalation (e.g., sudo, chmod +x, chmod 777, system file modifications) were found.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell profiles, creating cron jobs, systemd services) were detected.
7. Metadata Poisoning: The YAML front matter in SKILL.md and other descriptive sections are clean and do not contain malicious instructions.
8. Indirect Prompt Injection: While the Java code examples demonstrate processing external data (events from Event Hubs), the skill itself is documentation and does not actively process external content. Therefore, the skill itself is not susceptible to indirect prompt injection.
9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were found.

Overall, the skill is a safe, informational resource without any active components that could pose a security threat.