azure-ml-deployer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect injection attacks because it combines high-privilege write/execute tools with external data processing.
- Ingestion points: The skill reads and processes user requests and external deployment-related files (via the Read and Grep tools), which may contain malicious instructions.
- Boundary markers: Absent. There are no delimiters or instructions provided to help the agent distinguish between its core logic and data-embedded instructions.
- Capability inventory: The skill allows the use of Bash (arbitrary command execution) as well as Write and Edit (filesystem modification).
- Sanitization: None detected. No mechanisms are described to validate or escape external content before it is processed by the high-privilege tools.
- [Command Execution] (MEDIUM): The skill explicitly requests the Bash tool. In the context of ML deployment (which often involves handling environment variables and secrets), providing unrestricted shell access to an agent processing untrusted project files is a significant security risk.
Recommendations
- AI detected serious security threats
Audit Metadata