appinsights-instrumentation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of official Microsoft and Azure telemetry packages from standard repositories like NuGet, NPM, and PyPI. These are well-known and trusted sources.
- [COMMAND_EXECUTION]: Provides PowerShell scripts that use the Azure CLI (az) to manage resources and configure environment variables. These are standard operations for instrumentation tasks.
- [DATA_EXFILTRATION]: Guides the user in querying and setting Application Insights connection strings as environment variables. This involves sensitive data but is necessary for the skill's purpose and shows no signs of unauthorized transmission.
- [PROMPT_INJECTION]: The skill processes user-provided context such as programming language and hosting environments, which constitutes a potential surface for indirect prompt injection. The skill lacks explicit sanitization or boundary markers for this untrusted input. (Ingestion points: SKILL.md 'Collect context information'; Capability inventory: Code modification suggestions and CLI command generation).
Audit Metadata