azure-mgmt-apicenter-dotnet

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (INFO): The file references official Microsoft Azure NuGet packages and GitHub repositories. Under the [TRUST-SCOPE-RULE], these are categorized as trusted sources, which downgrades the download finding. Evidence: NuGet package 'https://www.nuget.org/packages/Azure.ResourceManager.ApiCenter' and GitHub repository 'https://github.com/Azure/azure-sdk-for-net'.
  • [Indirect Prompt Injection] (MEDIUM): The skill documents the process of reading external files (e.g., 'orders-api.yaml') and importing their content into Azure resources. This exposes an attack surface through which the agent could ingest malicious instructions.
    1. Ingestion points: 'File.ReadAllTextAsync' in 'references/acceptance-criteria.md'.
    2. Boundary markers: Absent in the provided code snippets.
    3. Capability inventory: Filesystem read operations and network write operations to Azure Resource Management (ARM) APIs for resource creation and modification.
    4. Sanitization: No explicit validation or sanitization of the specification content is demonstrated in the criteria snippets.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 14, 2026, 11:11 AM