azure-ai-projects-dotnet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill outlines a workflow for creating AI agents that ingest data from external sources, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through user messages in 'SKILL.md' and external data fetched via 'WebSearchTool' or 'FileSearchTool'.
  - Boundary markers: Code examples do not demonstrate the use of delimiters or specific system instructions to prevent the model from following commands found in external data.
  - Capability inventory: Agents can be configured with powerful tools such as 'CodeInterpreterToolDefinition' (code execution) and 'FunctionToolDefinition' (custom API calls), which increases the potential impact of successful injection.
  - Sanitization: The provided documentation does not include steps for sanitizing or validating inputs retrieved from external tools before processing by the LLM.
- [EXTERNAL_DOWNLOADS]: The skill references several external packages from trusted sources.
  - Evidence: Instructions include installing official NuGet packages like 'Azure.AI.Projects', 'Azure.Identity', and 'Azure.AI.OpenAI' which are maintained by the trusted organizations Microsoft and Azure.