Skills
skills/hainamchung/agent-assistant/azure-ai-agents-python/Gen Agent Trust Hub

azure-ai-agents-python

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs azure-ai-agents, azure-identity, and azure-ai-projects via pip. These are official packages from Microsoft, which is a verified Trusted Organization. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
  • [COMMAND_EXECUTION] (HIGH): The skill implements CodeInterpreterTool and FunctionTool. These tools allow the agent to execute Python code and custom functions. This capability is inherent to the SDK's purpose but represents a significant security risk if the agent's logic is subverted.
  • [PROMPT_INJECTION] (HIGH): High Risk of Indirect Prompt Injection (Category 8). The skill builds agents that process untrusted data from multiple sources.
  • Ingestion points: client.messages.create (user input), FileSearchTool (uploaded document content), and BingGroundingTool (unfiltered web search results).
  • Boundary markers: No boundary markers, XML delimiters, or "ignore embedded instructions" warnings are present in the provided implementation examples.
  • Capability inventory: The agents have access to CodeInterpreterTool (Python execution), FunctionTool (arbitrary logic), and OpenApiTool (network requests).
  • Sanitization: No evidence of input sanitization or output validation before processing external content into the LLM context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:36 PM