azure-maps-search-dotnet

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW NO_CODE
Full Analysis

The skill files (SKILL.md and references/acceptance-criteria.md) were thoroughly analyzed for security vulnerabilities, including prompt injection, data exfiltration, obfuscation, unverifiable dependencies, privilege escalation, persistence mechanisms, metadata poisoning, indirect prompt injection, and time-delayed attacks.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'jailbreak') were found in either the skill description or the code examples.

  2. Data Exfiltration: The skill demonstrates how to retrieve Azure Maps subscription keys and client IDs from environment variables (Environment.GetEnvironmentVariable). This is a secure practice, and the skill explicitly warns against hardcoding credentials. There are no commands or code snippets that attempt to read sensitive files (e.g., ~/.ssh/id_rsa, .aws/credentials) or exfiltrate data to untrusted external domains. The saving of a map tile to a local file (./MapTile.png) is a benign local file operation.

  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were detected in the skill content.

  4. Unverifiable Dependencies: The skill instructs users to install various Azure.Maps.* and Azure.Identity NuGet packages using dotnet add package. These packages are part of the official Azure SDK for .NET, maintained by Microsoft. The GitHub repository https://github.com/Azure/azure-sdk-for-net and NuGet (https://www.nuget.org/packages/Azure.Maps.Search) are considered trusted external sources. Therefore, while external dependencies are involved, they are from highly reputable sources, and this finding is downgraded to INFO/LOW severity. The skill itself does not automatically execute these installations; it provides instructions for the user.

  5. Privilege Escalation: No commands or instructions that attempt to escalate privileges (e.g., sudo, chmod 777, service installations) were found.

  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys) were detected.

  7. Metadata Poisoning: The name, description, and package metadata in SKILL.md are benign and accurately describe the skill's purpose.

  8. Indirect Prompt Injection: The skill processes user-provided addresses, coordinates, and IP addresses. As with any skill that handles external input, there's a theoretical risk of indirect prompt injection if the input itself is malicious. However, the skill's design and code examples do not introduce specific vulnerabilities in this regard; it's a general consideration for any data-processing application.

  9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were identified.

Conclusion: The skill is well-documented, promotes secure coding practices (e.g., using environment variables for credentials, avoiding hardcoded secrets), and relies on official, trusted Microsoft SDKs. It primarily serves as a guide and does not contain any directly executable malicious code. The external dependencies are from trusted sources, mitigating the risk associated with package installations.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 10:25 AM