The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill refers to and utilizes the @microsoft/learn-cli package via npm and npx. This package is an official tool from a trusted organization and is essential for the skill's primary functionality of searching and fetching Microsoft documentation when the MCP server is unavailable.- [COMMAND_EXECUTION]: The skill provides instructions for using the mslearn CLI tool to search and fetch content. These commands are legitimate and intended for the skill's core purpose of documentation retrieval.- [DATA_EXFILTRATION]: The skill performs network operations to fetch data from learn.microsoft.com using microsoft_docs_fetch and the mslearn CLI. These operations are restricted to official Microsoft documentation domains and do not involve sensitive local data or untrusted external endpoints.- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes content from external sources (Microsoft Learn documentation) using tools like microsoft_docs_fetch and microsoft_docs_search in SKILL.md. While the skill does not implement specific boundary markers or sanitization for this content, the risk is inherently low as it targets reputable official documentation. The skill's capabilities include command execution through the documentation CLI tool.

microsoft-skill-creator