azure-mgmt-fabric-py
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', role-play injection, developer mode activation) were detected in either SKILL.md or references/acceptance-criteria.md. The content is purely instructional and descriptive.
- Data Exfiltration: No sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) are accessed. The skill uses os.environ to retrieve AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP, which is a standard and secure method for accessing environment variables. All network interactions are expected to be with the Azure API via the official SDK, which is necessary for its functionality and not considered exfiltration to malicious third parties.
- Obfuscation: No obfuscated content (e.g., Base64 encoding, zero-width characters, Unicode homoglyphs, URL/hex/HTML encoding) was found in any of the provided files.
- Unverifiable Dependencies: The SKILL.md file instructs users to install azure-mgmt-fabric and azure-identity via pip. The references/acceptance-criteria.md file explicitly links to https://github.com/Azure/azure-sdk-for-python. Since the azure organization is a trusted GitHub organization, these dependencies are considered low risk. This finding is noted as INFO, but does not elevate the overall verdict.
- Privilege Escalation: No commands or code snippets attempt to gain elevated privileges (e.g., sudo, chmod +x, chmod 777, service installations, or modifications to system configuration files).
- Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell configuration files like ~/.bashrc, creating cron jobs, or manipulating SSH authorized keys) were found.
- Metadata Poisoning: The skill's metadata (name, description) and the content of the references/acceptance-criteria.md file are benign and accurately describe the skill's purpose. No hidden malicious instructions were found in these fields.
- Indirect Prompt Injection: The skill's design focuses on managing Azure resources through API calls, not processing arbitrary external user input that could contain hidden instructions. Therefore, the risk of indirect prompt injection is not directly applicable to the skill's operational model.
- Time-Delayed / Conditional Attacks: No conditional logic was found that would trigger malicious behavior based on specific dates, usage counts, or environmental factors.
Adversarial Reasoning: The skill is well-documented, uses official and trusted Azure SDKs, and follows recommended security practices for authentication (e.g., DefaultAzureCredential, environment variables). The references/acceptance-criteria.md file even explicitly highlights and warns against common insecure anti-patterns (like hardcoded credentials), which reinforces a commitment to secure development. There are no hidden elements, suspicious behaviors, or discrepancies between the stated purpose and the provided code examples that would suggest malicious intent.