azure-messaging-webpubsubservice-py

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the following Python packages from PyPI: azure-messaging-webpubsubservice, azure-messaging-webpubsubclient, and azure-identity. These are official Microsoft Azure packages and fall within the trusted source scope.
  • [PROMPT_INJECTION] (MEDIUM): The skill exhibits an indirect prompt injection surface (Category 8).
      1. Ingestion points: The skill processes untrusted external data through the @client.on('server-message') event handler demonstrated in SKILL.md.
      2. Boundary markers: No delimiters or instructions are provided to mitigate the risk of the agent obeying malicious commands embedded in received messages.
      3. Capability inventory: The skill enables side-effect capabilities such as send_to_all, send_to_group, add_user_to_group, and close_connection via the WebPubSubServiceClient as shown in SKILL.md.
      4. Sanitization: No sanitization or validation of message content is included in the examples to prevent downstream exploitation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 14, 2026, 04:59 PM