azure-monitor-ingestion-java

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill ingests untrusted log data and transmits it to a network endpoint, creating a vulnerability surface for indirect prompt injection.
      • Ingestion points: The logs collection provided to the upload method as seen in SKILL.md.
      • Boundary markers: Absent; there are no delimiters or explicit instructions to the agent to ignore instructions embedded within the log content.
      • Capability inventory: Network communication via the LogsIngestionClient to user-defined Data Collection Endpoints (DCE).
      • Sanitization: Absent; the skill does not perform any validation or sanitization on the log entries before ingestion or transmission.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill references external Maven dependencies for its operation.
      • Evidence: Dependency on com.azure:azure-monitor-ingestion and com.azure:azure-identity (found in SKILL.md and references/examples.md).
      • Trust Status: These are official packages maintained by Microsoft. As Microsoft and Azure are trusted organizations, the finding for external downloads is downgraded to LOW per [TRUST-SCOPE-RULE].
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 09:38 AM