azure-ai-document-intelligence-ts
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of
@azure-rest/ai-document-intelligenceand@azure/identityfrom the official npm registry. These are well-known, official libraries maintained by Microsoft Azure. - [DATA_EXFILTRATION]: The skill transmits document content to Azure Cognitive Services endpoints (e.g.,
cognitiveservices.azure.com) for analysis. This is documented as the primary function of the skill and utilizes well-known service infrastructure. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection (Category 8) by design.
- Ingestion points: The skill ingests untrusted data from external sources via the
urlSourceandbase64Sourceparameters inSKILL.md. - Boundary markers: The provided code examples do not demonstrate the use of delimiters or specific instructions to the agent to ignore potentially malicious commands embedded within the documents being analyzed.
- Capability inventory: The skill possesses the capability to read local files (via
readFile), write files (viawriteFilein the acceptance criteria), and perform network communication with Azure APIs. - Sanitization: There is no evidence of sanitization or filtering applied to the text extracted by the service (e.g.,
result.analyzeResult?.content) before it is returned to the agent context.
Audit Metadata