Skills
NYC
skills/aktsmm/agent-skills/azure-env-builder/Gen Agent Trust Hub

azure-env-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface in references/cicd-templates/github-actions.yml. (1) Ingestion point: github.event.inputs.environment. (2) Boundary markers: Absent. (3) Capability inventory: Executes curl in a shell environment. (4) Sanitization: Absent; the input is interpolated directly into a shell command, potentially allowing an attacker to manipulate the JSON payload sent to the Slack webhook.
  • [COMMAND_EXECUTION] (LOW): The script scripts/preview_cli.ps1 executes local PowerShell files based on a path constructed from the Environment parameter. This provides a capability surface for executing code within specific directory structures.
  • [DATA_EXFILTRATION] (LOW): The github-actions.yml template contains a network operation (curl) targeting a non-whitelisted domain (Slack) for notifications. While intended for status reporting using secrets, it is a network operation to an external endpoint.
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials or secrets were identified in the files; all examples use standard placeholders or reference environment variables/secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:12 PM