azure-ai-projects-ts
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the evaluation workflows.
  - Ingestion points: Untrusted data is ingested via the `evaluationData` and `datasetId` parameters in `references/evaluations.md`.
  - Boundary markers: The evaluation prompt templates in `references/evaluations.md` do not utilize delimiters or specific instructions to isolate user-provided content in the `{{response}}` field.
  - Capability inventory: The `client.evaluations.create` method (in `SKILL.md` and `references/evaluations.md`) allows the agent to execute LLM calls over external data.
  - Sanitization: No sanitization or validation logic is demonstrated for the content being processed.
- [EXTERNAL_DOWNLOADS]: Fetches configuration and SDK libraries from trusted sources.
  - Evidence: The skill requires the `@azure/ai-projects` and `@azure/identity` packages, which are official Microsoft libraries from a well-known service provider.
- [DATA_EXFILTRATION]: Facilitates access to Azure resource connections and credentials.
  - Evidence: The skill utilizes `client.connections.getWithCredentials` (in `references/connections.md`) to retrieve API keys and tokens for linked Azure services, which is its primary intended function for resource integration.
Audit Metadata