azure-bot
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to manage cloud infrastructure via the Azure CLI (
az). It provides templates for creating resource groups, app registrations, bot services, and deploying code to Azure App Service. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates user-provided strings (such as bot names and endpoints) into shell commands.
- Ingestion points: User-supplied values for parameters like
BOT_NAME,RESOURCE_GROUP, andENDPOINTare used throughout the command templates inSKILL.md. - Boundary markers: The skill does not explicitly define delimiters or shell-escaping mechanisms for the interpolated variables.
- Capability inventory: The agent is granted the capability to execute shell commands with broad permissions within the user's Azure subscription.
- Sanitization: The instructions provide natural language guidance on valid bot names (alphanumeric characters and hyphens), but the skill lacks technical enforcement or escaping for the shell environment.
Audit Metadata