azure-architecture-autopilot
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses the `powershell` tool and the `az` CLI to perform Azure resource scanning, account management, and infrastructure deployment.
- [REMOTE_CODE_EXECUTION]: The `scripts/cli.py` file includes a utility that generates a Node.js script at runtime and executes it via `subprocess.run` to convert HTML diagrams to PNG format. This dynamic generation uses string interpolation for file paths, creating a risk of code injection if user-provided project or resource names are malicious.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in its 'Analyze & Modify' path. It reads data from existing Azure environments via `az resource list`. Maliciously named Azure resources could contain instructions designed to override agent behavior during Bicep generation or architectural advice phases.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and technical specifications from `learn.microsoft.com` and `azure.microsoft.com`. These are recognized as trusted official sources for Azure configuration data.
- [COMMAND_EXECUTION]: The skill's diagram engine relies on executing local `python` and `node` binaries to process and render architectural visualizations.
Audit Metadata