foundry-sdk-python
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, behavior overrides, or bypass patterns were detected. Examples use standard assistant instructions.\n- [Data Exposure & Exfiltration] (SAFE): Authentication is handled via DefaultAzureCredential, avoiding hardcoded secrets. Resource endpoints are configured via environment variables. Network access is restricted to Azure service endpoints.\n- [Obfuscation] (SAFE): The content is clear and human-readable. No encoded strings, zero-width characters, or homoglyphs were found.\n- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Installation instructions use official Microsoft packages (azure-ai-projects, azure-identity). No suspicious remote code execution or shell-piping patterns were identified.\n- [Indirect Prompt Injection] (LOW): The skill documents building agents that ingest external data and possess powerful capabilities.\n
- Ingestion points:
client.agents.messages.create(SKILL.md) andclient.agents.files.upload_and_poll(references/agents.md).\n - Boundary markers: Personas like 'helpful assistant' are shown, but adversarial boundary markers (delimiters) are not explicitly implemented in examples.\n
- Capability inventory: Agents can use
CodeInterpreterTool(Python execution),BingGroundingTool(web search), andOpenApiTool(REST APIs) as detailed in references/tools.md.\n - Sanitization: Standard SDK usage is demonstrated; application-specific input sanitization is not included in the examples.
Audit Metadata