The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): Scripts such as 'setup-user.sh' and 'setup-group.sh' interpolate user-controlled variables (e.g., $USER_UPN, $GROUP_NAME) directly into shell commands and SQL strings. This creates a vulnerability surface where a malicious user could provide crafted inputs to execute unintended commands or SQL statements.- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, well-known libraries like 'azure-identity' and 'pg' from trusted public registries (PyPI, npm). These are essential for the skill's primary purpose and do not pose a security risk in this context.- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted user data (UPNs, group names) which is then used in privileged administrative operations. Evidence: 1. Ingestion points: Script arguments in 'scripts/*.sh' files. 2. Boundary markers: Absent. 3. Capability inventory: Execution of 'az' CLI and 'psql' queries across all setup scripts. 4. Sanitization: Limited quote escaping via sed is present for group names, but largely absent for other parameters.

azure-postgres