azure-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation includes az vm run-command invoke, a command that allows arbitrary shell scripts to be executed on remote Azure Virtual Machines. If the --scripts argument is populated with untrusted content, it results in full remote system compromise.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill exposes commands specifically designed to retrieve secrets, such as az storage account keys list and az storage account show-connection-string. An attacker could use these to gain unauthorized access to data stored in Azure.
  • [COMMAND_EXECUTION] (HIGH): Destructive commands like az group delete and az aks delete include the --yes flag, which bypasses confirmation prompts, increasing the risk of accidental or malicious resource destruction when automated by an agent.
  • [PROMPT_INJECTION] (HIGH): (Category 8: Indirect Prompt Injection) This skill acts as a high-privilege management interface. It lacks input validation or boundary markers for its command parameters. Because it can execute code and modify cloud infrastructure based on input strings, it is highly susceptible to indirect injection if the agent processes untrusted data (e.g., repository content or external user requests) and passes it to these CLI tools.
  • [DATA_EXFILTRATION] (MEDIUM): The commands for az storage blob download and az storage blob upload provide a direct path for moving sensitive data from the local environment to external attacker-controlled storage or vice-versa.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 02:53 AM