azure-foundry-websearch

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious code, obfuscation, or safety bypass patterns were detected across the skill files. The implementation follows security best practices for AI agent tools.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts that wrap curl and jq. These scripts are designed to handle user-supplied search queries safely, using jq to properly encode and embed inputs into JSON payloads, thereby preventing injection attacks.
  • [CREDENTIALS_UNSAFE]: Authentication credentials are managed securely. The skill stores API keys in a config file with restricted permissions (0600) and uses umask 077 to protect temporary files. It also uses curl's configuration input mechanism to ensure API keys do not appear in system process logs.
  • [DATA_EXFILTRATION]: The skill communicates only with user-defined Azure endpoints. It includes validation logic to ensure connections use HTTPS and provides warnings if the endpoint does not match expected Azure domains, effectively preventing unauthorized data transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 10:23 PM