azure-storage-blob-rust
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill azure-storage-blob-rust is a documentation-based skill providing instructions and code examples for using the Azure Blob Storage SDK for Rust.
- Prompt Injection: No patterns indicative of prompt injection were found in either SKILL.md or references/acceptance-criteria.md. The descriptions and instructions are straightforward and do not attempt to manipulate the AI's behavior or bypass safety guidelines.
- Data Exfiltration: No commands or code snippets were found that attempt to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or exfiltrate data to external, untrusted domains. The skill correctly advises using environment variables for sensitive information like AZURE_STORAGE_ACCOUNT_NAME rather than hardcoding. The references/acceptance-criteria.md file even explicitly flags hardcoded account keys as an "Anti-Pattern," promoting secure practices.
- Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any part of the skill files. The content is clear and readable.
- Unverifiable Dependencies: The SKILL.md file includes an installation instruction: cargo add azure_storage_blob azure_identity (Line 13). This command installs external Rust crates. However, azure_storage_blob and azure_identity are official crates from the Azure organization, which is listed as a trusted GitHub organization. The skill also links to the official Azure/azure-sdk-for-rust GitHub repository. Therefore, while it involves external dependencies, their source is trusted. This finding is noted as LOW/INFO severity.
- Privilege Escalation: No commands like sudo, doas, chmod +x, chmod 777, or any instructions for installing services or modifying system files were found.
- Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell configuration files, creating cron jobs, or systemd services) were detected.
- Metadata Poisoning: The skill's metadata (name, description, package) is benign and accurately reflects the skill's purpose. No malicious instructions were embedded in these fields.
- Indirect Prompt Injection: The skill itself is instructional and does not process external, untrusted user input in a way that would make it susceptible to indirect prompt injection.
- Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or specific environment variables was found that could trigger malicious behavior.
Conclusion: The skill is well-documented and focuses on providing guidance for using a legitimate SDK. The only external dependency identified is from a trusted source. The skill promotes secure practices (e.g., using Entra ID, avoiding hardcoded keys). Therefore, the skill is considered SAFE.