azure-resource-visualizer
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests Azure resource metadata such as names, tags, and configuration details which are external and potentially attacker-controlled. Malicious instructions embedded in this metadata could influence agent behavior or pollute the generated documentation.
- Ingestion points: Metadata retrieved via 'az resource list' and resource-specific show commands.
- Boundary markers: Absent; no delimiters are defined to isolate untrusted resource data from agent instructions.
- Capability inventory: Shell command execution via 'az' CLI and file creation capabilities.
- Sanitization: Absent; there are no instructions to validate or escape metadata before interpolation into prompts or markdown files.
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Azure CLI ('az') for infrastructure discovery. The risk is minimized by explicit instructions to perform only read-only operations and never modify or delete resources.
Audit Metadata