azure-mgmt-arizeaiobservabilityeval-dotnet

The skill consists of two Markdown files: SKILL.md and references/acceptance-criteria.md. Both files are purely descriptive and contain C# code snippets for demonstration purposes, not for execution by the AI agent.

1. Prompt Injection: No patterns indicative of prompt injection were found in either file. The language is instructional and technical.
2. Data Exfiltration: The skill describes the use of environment variables for Azure credentials (AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET), which are sensitive. However, the skill only references these variables as input for the SDK and does not contain any code to read, process, or exfiltrate them. No network operations to non-whitelisted domains or sensitive file access were detected.
3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in either file.
4. Unverifiable Dependencies: The SKILL.md file instructs users to install Azure.ResourceManager.ArizeAIObservabilityEval via dotnet add package and lists its dependencies (Azure.Core, Azure.ResourceManager). It also links to the NuGet package and the Azure/azure-sdk-for-net GitHub repository. The references/acceptance-criteria.md file also references the same GitHub and NuGet sources. These are all recognized as Trusted External Sources (Microsoft/Azure organizations). As such, this finding is downgraded to LOW/INFO severity, as it's a standard and trusted dependency reference, not an unverified or malicious one.
5. Privilege Escalation: No commands or instructions for privilege escalation (sudo, chmod, service installation, etc.) were found.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell profiles, cron jobs, systemd services) were detected.
7. Metadata Poisoning: The name and description fields in SKILL.md are benign and accurately reflect the skill's purpose.
8. Indirect Prompt Injection: The skill does not process external user-supplied content, so it is not susceptible to indirect prompt injection.
9. Time-Delayed / Conditional Attacks: No conditional logic that would trigger malicious behavior based on time, usage, or environment was found.

Conclusion: The skill is purely informational, describing the usage of a legitimate Azure SDK. The external dependencies are from trusted sources. There are no executable components for the AI agent, and no malicious patterns were identified.