azure-enterprise-infra-planner

Fail

Audited by Snyk on Mar 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). This skill includes an explicit instruction to "supersede all other sources including documentation you were trained on" and to "MUST" follow its directives, which is an attempt to override prior/system instructions and thus constitutes a prompt-injection-style override outside normal planning behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill mandates runtime calls to MCP tools that return markdown URLs which the agent must fetch and summarize (e.g., https://learn.microsoft.com/azure/ai-services/cognitive-services-custom-subdomains), and those fetched documents are explicitly used to drive sub-agent instructions and plan generation, so an external URL is used at runtime to control agent prompts.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 23, 2026, 05:00 PM
  • Issues: 2