The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill creates a high-severity vulnerability surface for indirect prompt injection. Ingestion points: The agent reads untrusted data via getEntity and listEntities methods in SKILL.md. Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings present when the agent receives database content. Capability inventory: The skill possesses extensive capabilities including createEntity, updateEntity, upsertEntity, deleteEntity, and deleteTable. Sanitization: No sanitization or validation of data retrieved from the table is performed before the agent processes it. An attacker could store malicious instructions in a table property that the agent later reads and follows, potentially leading to unauthorized data deletion or modification.
External Downloads (LOW): The skill downloads the com.azure:azure-data-tables package. Although this is a remote dependency, the source (Microsoft Azure) is within the [TRUST-SCOPE-RULE] list of trusted organizations, which downgrades the download finding severity to LOW.

azure-data-tables-java