Skills
skills/crtvrffnrt/skills/incident-response-bec/Gen Agent Trust Hub

incident-response-bec

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses az rest and az account show to retrieve investigative data from Microsoft environments. This is standard behavior for an incident response skill.
  • [EXTERNAL_DOWNLOADS]: Communicates with graph.microsoft.com to fetch audit logs and user mailbox settings. As a well-known service, this communication is considered safe and appropriate for the skill's forensic utility.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from Microsoft Graph which could contain attacker-controlled strings.
  • Ingestion points: JSON output from az rest queries.
  • Boundary markers: Not present.
  • Capability inventory: Shell command execution via az CLI across the instruction set.
  • Sanitization: No explicit filtering or sanitization of the API responses is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 09:07 AM