The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill references official Microsoft NuGet packages (Azure.Identity, Microsoft.Extensions.Azure, Azure.Identity.Broker). These are from trusted sources per the [TRUST-SCOPE-RULE], justifying a LOW severity for the download reference.\n- CREDENTIALS_UNSAFE (SAFE): While the skill demonstrates how to use service principal secrets and certificates, it consistently uses placeholders (e.g., <client-secret-value>, <tenant-id>) and documentation in acceptance-criteria.md explicitly forbids hardcoding credentials.\n- NO_CODE (INFO): The skill contains only documentation and reference material (Markdown) with no executable scripts or binaries included in the package.\n- INDIRECT_PROMPT_INJECTION (INFO): As a documentation-only skill, it does not ingest external data or provide executable tool capabilities, presenting no active attack surface for injection.

azure-identity-dotnet