hosted-agents-v2-py
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill's SKILL.md and its accompanying references/acceptance-criteria.md provide documentation and code examples for interacting with Azure AI services. The primary action described that involves external resources is pip install azure-ai-projects>=2.0.0b3 azure-identity. Both azure-ai-projects and azure-identity are official Microsoft Azure SDKs, distributed via PyPI (a trusted source) and maintained under the Azure GitHub organization (a trusted organization, as referenced in references/acceptance-criteria.md).
No prompt injection patterns, data exfiltration attempts (beyond standard package downloads from trusted sources), obfuscation, privilege escalation, or persistence mechanisms were detected. The skill's code examples use DefaultAzureCredential and environment variables for configuration, which are secure practices. The skill explicitly warns against hardcoding secrets.
The skill describes how to configure a hosted agent with a container image and environment variables. While a user could configure a malicious hosted agent, the skill's instructions themselves are benign and focus on the correct usage of the Azure SDK. The skill does not provide or recommend any malicious container images or configurations.
Given that the only external dependencies are from trusted sources and no other malicious patterns were found, the skill is deemed SAFE.