azure-sdk-mgmt-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution: The skill executes a `dotnet build` command in Phase 3 to detect breaking changes. This involves running the build system on the code within the pull request. While this is a standard and necessary part of the API review process, it represents a point where scripts and compilation logic from the untrusted PR are executed.
- External Resource Retrieval: In Phase 2, the skill fetches baseline API surface files from the repository's git tags. This is a routine operation used to compare the PR's changes against the previous stable release and is conducted within the context of the official repository.
- Indirect Prompt Injection Surface: The skill processes and analyzes untrusted data from pull request files which creates a potential surface for indirect prompt injection.
  * Ingestion points: Data is read from PR artifacts including `.csproj`, `CHANGELOG.md`, and C# source files.
  * Boundary markers: The instructions do not define specific delimiters or instructions to differentiate between reviewed data and the agent's core instructions.
  * Capability inventory: The agent has the capability to execute build commands and add comments to the GitHub PR.
  * Sanitization: No explicit sanitization or validation of the ingested PR content is performed before it is analyzed or used in outputs.