azure-eventhub-py

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, NO_CODE, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to its core function of ingesting untrusted event data.
      • Ingestion points: Untrusted external data enters the agent's context through the event.body_as_str() method in the on_event callback demonstrated in SKILL.md.
      • Boundary markers: Absent. The provided examples do not use delimiters or provide instructions to the agent to treat event bodies as untrusted content.
      • Capability inventory: The skill provides significant capabilities including sending event batches (producer.send_batch), receiving events (consumer.receive), and retrieving Event Hub properties (get_eventhub_properties).
      • Sanitization: No sanitization, filtering, or validation logic is implemented for the data retrieved from the event stream.
  • [NO_CODE] (LOW): The skill documentation refers to implementation files that are not included in the provided bundle.
      • Evidence: SKILL.md references scripts/setup_consumer.py and other documentation files in its file table, but these files are missing from the skill package.
  • [EXTERNAL_DOWNLOADS] (INFO): The skill specifies the installation of external Python dependencies.
      • Evidence: pip install commands for azure-eventhub, azure-identity, and azure-eventhub-checkpointstoreblob-aio are included in the installation instructions.
      • Status: Trusted. These are official packages maintained by the microsoft organization (downgraded per [TRUST-SCOPE-RULE]).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:39 AM