azure-resource-manager-cosmosdb-dotnet

================================================================================

✅ VERDICT: SAFE

This skill is primarily documentation and code examples for using the Azure Resource Manager SDK for Cosmos DB in .NET. It does not contain any executable scripts or code that would run directly as part of the skill. The instructions provided are for users to set up their development environment and write their own C# code using the SDK.

Total Findings: 2

🔵 LOW Findings: • Trusted External Dependency

• SKILL.md Line 15: dotnet add package Azure.ResourceManager.CosmosDB • Trusted External Dependency
• SKILL.md Line 16: dotnet add package Azure.Identity

ℹ️ TRUSTED SOURCE References: • https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/cosmosdb/Azure.ResourceManager.CosmosDB

• references/acceptance-criteria.md Line 5: Reference to official Azure SDK GitHub repository.

================================================================================

Detailed Analysis:

1. Prompt Injection: No prompt injection patterns were detected in any of the files. The skill is instructional and code-focused, not designed to interact with an LLM in a way that would allow injection.

2. Data Exfiltration:

   • The skill demonstrates how to retrieve sensitive data like Cosmos DB keys and connection strings using Console.WriteLine in SKILL.md (Line 90) and references/account-management.md (Line 100). While Console.WriteLine itself is not exfiltration, logging sensitive data is a security risk. However, references/acceptance-criteria.md explicitly includes an ❌ INCORRECT: Logging Keys example (Line 150) and a summary checklist item "Never logs or hardcodes secrets". This strong warning mitigates the risk, indicating the Console.WriteLine examples are for demonstrating API usage, not recommending logging. No direct exfiltration commands to untrusted external domains were found.

3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.

4. Unverifiable Dependencies:

   • The SKILL.md file instructs the user to install Azure.ResourceManager.CosmosDB and Azure.Identity via dotnet add package. Both packages are official Microsoft Azure SDKs, and the azure GitHub organization is listed as a trusted source. This is noted as a LOW/INFO finding due to being a trusted external dependency.
   • references/acceptance-criteria.md references the official GitHub repository https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/cosmosdb/Azure.ResourceManager.CosmosDB, which is also a trusted source.

5. Privilege Escalation: No commands or instructions for privilege escalation (e.g., sudo, chmod 777, system file modifications) were found.

6. Persistence Mechanisms: No instructions for creating persistence mechanisms (e.g., modifying shell profiles, cron jobs, systemd services) were found.

7. Metadata Poisoning: The metadata in SKILL.md (name, description, package) is clean and accurately reflects the skill's purpose. No malicious instructions were found in any metadata fields.

8. Indirect Prompt Injection: The skill does not process external, untrusted user-supplied content in a way that would lead to indirect prompt injection.

9. Time-Delayed / Conditional Attacks: No time-delayed or conditional attack patterns were detected.

Conclusion: The skill is well-documented, promotes secure coding practices, and relies on trusted external dependencies. The presence of code examples demonstrating retrieval of sensitive data is balanced by explicit warnings against logging such data. The skill itself is instructional and does not execute code, making it inherently safer.