azure-drift-detector

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/accept-drift.sh contains a command injection vulnerability where user-provided input is interpolated into a shell heredoc. The --reason argument (or interactive read input) is placed directly into a heredoc with an unquoted delimiter (cat >> ... <<EOF), whose body the shell expands like a double-quoted string. This allows the shell to evaluate command substitutions like $(...) if they are included in the reason string.
  • [COMMAND_EXECUTION]: Multiple scripts (detect-drift.sh, accept-drift.sh, drift-check-all.sh) use unsafe word splitting in for loops when iterating over resource IDs, names, or tag keys obtained from jq. If these identifiers contain spaces or shell metacharacters, it can lead to unexpected command execution or script failure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from Azure resource properties and interpolates it into markdown reports and logs without sanitization. (Evidence Chain: Ingestion points: Azure resource properties fetched via az resource show in scripts/detect-drift.sh; Boundary markers: Absent; Capability inventory: Cloud resource modification via az deployment group create and file system writes; Sanitization: None identified; data is extracted via jq and directly embedded into output files).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 08:30 PM