researching-azure-ai-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to run a subagent that searches and reads public third‑party sources (e.g., github.com/Azure/azure-sdk-for-net, github.com/microsoft-foundry/foundry-samples and other GitHub/Docs URLs) and to return method signatures/patterns that will be used to drive decisions, so untrusted public content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill contains a runtime subagent prompt that instructs searching and reading external GitHub repositories (e.g., https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/ai/Azure.AI.Projects), meaning the agent will fetch remote repository content at runtime and incorporate it into its responses (i.e., directly influencing prompts/context).