azure-security-keyvault-keys-dotnet

The skill consists of two markdown files: SKILL.md and references/acceptance-criteria.md. Both files provide extensive documentation and C# code examples for using the Azure.Security.KeyVault.Keys .NET SDK.

1. Prompt Injection: No patterns indicative of prompt injection were found in either the skill's metadata or content.
2. Data Exfiltration: The skill demonstrates local file operations for key backup and restore (File.WriteAllBytesAsync, File.ReadAllBytesAsync). These are legitimate uses within the context of a key management SDK and do not involve sending data to untrusted external domains. No other network operations or sensitive file accesses combined with exfiltration attempts were detected.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were found.
4. Unverifiable Dependencies: The skill references dotnet add package Azure.Security.KeyVault.Keys and dotnet add package Azure.Identity. These packages are from the Azure organization, which is a trusted external source. This is noted as an informational finding but does not elevate the risk.
5. Privilege Escalation: No commands or instructions attempting to escalate privileges (e.g., sudo, chmod 777, service installations) were found.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys) were detected.
7. Metadata Poisoning: The name, description, and package fields in SKILL.md are benign and accurately reflect the skill's purpose. No malicious instructions were found in any metadata fields.
8. Indirect Prompt Injection: As the skill is documentation for an SDK, it does not directly process user-supplied content in a way that would lead to indirect prompt injection. The risk of indirect injection would depend on how a user implements the SDK, not the skill itself.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counters, or environment variables designed to trigger malicious behavior at a later time was found.

All external links and references (e.g., NuGet packages, Microsoft Learn documentation, GitHub source) point to official Microsoft/Azure domains, which are considered trusted sources. The skill itself is purely descriptive and does not contain any executable scripts or commands that could pose a direct security risk.