azure-resource-visualizer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill instructions in SKILL.md (Step 2.3) explicitly direct the agent to capture 'connection strings' and 'App Settings pointing to Key Vaults'. Documenting these secrets in plain-text markdown files in the workspace creates a significant risk of credential exposure.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection (Category 8).
      1. Ingestion points: Azure resource names, tags, and properties retrieved via the 'az' CLI (SKILL.md, Step 2).
      2. Boundary markers: None present.
      3. Capability inventory: Terminal execution via Azure CLI and file-write operations (SKILL.md, Operating Guidelines).
      4. Sanitization: None mentioned.
    An attacker with control over Azure resource metadata could inject malicious instructions into the Mermaid diagrams or markdown reports.
  • COMMAND_EXECUTION (LOW): The skill relies on the 'az' (Azure CLI) to perform resource discovery and analysis (SKILL.md, Tool Usage Patterns). While functional, it establishes a pattern of executing shell commands with parameters potentially derived from untrusted resource metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 03:37 AM