azure-monitor-query-py

Pass

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing the azure-monitor-query package via pip. Evidence: Installation instructions in SKILL.md. Mitigation: The package is maintained by the azure (Microsoft) organization, which is a Trusted External Source, downgrading this finding from MEDIUM to LOW per [TRUST-SCOPE-RULE].
  • [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface (Category 8) by facilitating the retrieval of external log and metric data.
      1. Ingestion points: External data enters the context through client.query_workspace and metrics_client.query_resource in SKILL.md.
      2. Boundary markers: Absent in documentation examples.
      3. Capability inventory: Network-based read operations for Azure infrastructure data.
      4. Sanitization: None demonstrated in snippets.
    Risk: While the skill is intended for data retrieval, log content containing malicious instructions could potentially influence the agent's logic if processed without validation.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 14, 2026, 04:59 PM