azure-mgmt-apimanagement-dotnet

The skill consists of five markdown files: SKILL.md, references/acceptance-criteria.md, references/apis-operations.md, references/products-subscriptions.md, and references/service-management.md. These files primarily contain descriptive text and C# code examples for using the Azure Resource Manager SDK for API Management.

1. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected across any of the files.

2. Prompt Injection: No patterns indicative of prompt injection attempts were found in any of the content or metadata fields.

3. Data Exfiltration:

   • The skill demonstrates how to retrieve and print subscription keys (PrimaryKey, SecondaryKey) to the console (Console.WriteLine). While printing sensitive data to standard output can be a risk if the output is logged or captured, the skill itself does not perform any network operations to exfiltrate this data to an untrusted external server. It's a demonstration of SDK functionality.
   • One example in references/products-subscriptions.md shows a hardcoded password (Password = "SecurePassword123!") for user creation. However, this is within a C# code example, not an executable command, and the main SKILL.md explicitly lists "Always use DefaultAzureCredential — never hardcode keys" as a best practice, mitigating this as a direct threat from the skill itself.
   • File reading (File.ReadAllText("petstore-openapi.json")) is for loading local configuration, not sensitive system files. External URLs referenced (https://petstore.swagger.io/v2/swagger.json) are for public API specifications from a well-known source.

4. Unverifiable Dependencies:

   • The SKILL.md file instructs users to run dotnet add package Azure.ResourceManager.ApiManagement and dotnet add package Azure.Identity. These packages are from nuget.org and the Azure GitHub organization, both of which are considered trusted external sources. This is noted as an informational finding (LOW/INFO) but does not elevate the overall verdict.

5. Privilege Escalation: No commands or instructions for privilege escalation (e.g., sudo, chmod 777, system file modification) were found.

6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs, systemd services) were detected.

7. Metadata Poisoning: The name and description fields in SKILL.md are benign and accurately reflect the skill's purpose.

8. Indirect Prompt Injection: Not applicable, as the skill primarily provides code examples and does not process external user-supplied content in a way that would lead to indirect prompt injection.

9. Time-Delayed / Conditional Attacks: No time-delayed or conditional logic for malicious behavior was identified.

Conclusion: The skill is purely informational, providing documentation and code examples. It does not contain any executable components that would run on the agent's system. The external dependencies are from trusted sources. Therefore, the skill is deemed SAFE.