azure-security-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains comprehensive 'Verification Integrity Rules' (Rules 1-5) that explicitly forbid the agent from fabricating evidence or misrepresenting security status. These instructions serve as a safety guardrail against hallucination and protect the integrity of the security assessments.
  • [DATA_EXFILTRATION]: The skill defines local file operations, such as saving security reports and gate statuses to the project's .azure/deployments/ directory. This is standard behavior for development-focused tools and does not involve unauthorized external data transmission.
  • [COMMAND_EXECUTION]: Core functionality is performed through a specific MCP tool (mcp_azure_mcp_search). The shell commands mentioned in the instructions (like --deployment-id) are examples of user-provided arguments for local auditing and do not present a command injection risk in this context.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of ARM template JSON. While this is a data ingestion surface, the skill implements strict mitigation strategies by requiring the agent to cite exact property paths and values from the template, effectively validating assertions against the source data.
  • [EXTERNAL_DOWNLOADS]: The skill references the 'Azure MCP bestpractices service' and Microsoft security documentation, which are official resources from the vendor (Azure/Microsoft) and are considered safe.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 08:30 PM