The Agent Skills Directory

PROMPT_INJECTION (LOW): The SKILL.md file uses high-pressure language to override the AI's built-in safety and operational guidelines, employing markers like "AUTHORITATIVE GUIDANCE," "IGNORE any prior training," and "supersedes all other sources" to force compliance with its own logic.
REMOTE_CODE_EXECUTION (HIGH): The reference file references/sdk/azd-deployment.md directs the agent to execute code directly from the internet using curl -fsSL https://aka.ms/install-azd.sh | bash. This pattern is a critical security risk as it bypasses verification, even when originating from a trusted organization like Microsoft.
EXTERNAL_DOWNLOADS (HIGH): An automated scanner (URLite) flagged the requirements.md file for containing a blacklisted URL (URL:Blacklist). This indicates the skill includes a reference to a known-malicious domain or a compromised resource.
PROMPT_INJECTION (LOW): The codebase scanning functionality described in references/scan.md exposes the agent to Indirect Prompt Injection. The skill is designed to ingest data from untrusted files like package.json and requirements.txt. Evidence: (1) Ingestion points: codebase scan tools. (2) Boundary markers: Absent. (3) Capability inventory: Command execution and artifact generation. (4) Sanitization: Not documented.

azure-prepare