azure-search-documents-dotnet

The skill consists of four markdown files: SKILL.md, references/acceptance-criteria.md, references/semantic-search.md, and references/vector-search.md. All files provide documentation and code examples for using the Azure AI Search SDK for .NET.

1. Prompt Injection: No patterns indicative of prompt injection were found across any of the files. The content is instructional and does not attempt to manipulate the AI's behavior.

2. Data Exfiltration: No sensitive file paths are accessed, nor are there any network operations (like curl, wget, fetch, requests) targeting non-whitelisted domains. The skill explicitly recommends using environment variables for sensitive information like API keys (SEARCH_API_KEY), which is a secure practice. The C# code examples correctly retrieve these values using Environment.GetEnvironmentVariable().

3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.

4. Unverifiable Dependencies:

• SKILL.md contains dotnet add package Azure.Search.Documents and dotnet add package Azure.Identity. These are standard NuGet packages from Microsoft, which is a trusted organization. As per the protocol, this is noted as a LOW severity finding due to being a trusted external source.
• references/acceptance-criteria.md references the GitHub repository https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/search/Azure.Search.Documents. This is also a trusted GitHub organization (Azure). This is noted as an INFO finding.

5. Privilege Escalation: No commands or instructions that attempt to acquire elevated privileges (e.g., sudo, chmod +x, chmod 777, service installation) were found.

6. Persistence Mechanisms: No patterns for establishing persistence (e.g., modifying shell configuration files, creating cron jobs, LaunchAgents, systemd services, or SSH authorized_keys) were detected.

7. Metadata Poisoning: The metadata fields in SKILL.md (name, description, package) are benign and accurately reflect the skill's purpose.

8. Indirect Prompt Injection: The skill is documentation and does not process external user-supplied content, so it is not susceptible to indirect prompt injection.

9. Time-Delayed / Conditional Attacks: No conditional logic based on time, usage, or environment variables that could trigger malicious behavior was found.

Adversarial Reasoning: The skill's content is transparent and aligns with its stated purpose. The code examples demonstrate best practices for secure credential handling. The only external references are to trusted Microsoft-maintained packages and repositories. The skill itself is purely descriptive and does not execute any code directly.