The Agent Skills Directory

[External Downloads] (MEDIUM): The skill instructs the user or agent to install additional skills using npx skills add seligj95/azure-app-service-skills.
The source account 'seligj95' is not included in the Trusted External Sources whitelist.
Remote skill installation from unverified sources bypasses standard security reviews and could introduce malicious scripts or prompt injections into the agent's workflow.
[Command Execution] (LOW): The skill provides numerous implementation examples using the Azure CLI (az).
Evidence: Commands such as az webapp update, az webapp config set, and az monitor autoscale create are listed.
Risk: While these are intended for legitimate configuration, an agent with autonomous execution capabilities might run these commands against production environments without sufficient validation.
[Indirect Prompt Injection] (LOW): The skill functions by reviewing and optimizing configurations, which involves processing external data.
Ingestion points: Input provided during App Service configuration reviews or optimization tasks.
Capability inventory: Generates CLI commands for infrastructure modification.
Boundary markers: None present in the skill definition to separate untrusted configuration data from the best practice logic.
Risk: An attacker providing a malicious infrastructure description could potentially influence the agent's output, although the skill's strong focus on security 'best practices' (like enforcing HTTPS and Key Vault) provides some natural resistance.

azure-app-service-best-practices