cosmosdb-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to "Run /azure-cosmosdb:generate-skills to sync with the latest rules from the agent-kit" and to load relevant rule files from the rules/ directory synced from the public GitHub repo AzureCosmosDB/cosmosdb-agent-kit, meaning the agent will fetch and interpret untrusted, third‑party content from the open web that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs syncing rule files at runtime from the GitHub repository https://github.com/AzureCosmosDB/cosmosdb-agent-kit (via "/azure-cosmosdb:generate-skills"), which indicates external content would be fetched during skill execution and those rule files would directly control the agent's instructions/responses.