appinsights-instrumentation

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing official Microsoft Azure Monitor OpenTelemetry packages via standard package managers (npm, pip, dotnet, maven). As these originate from a trusted organization (Microsoft), the risk level is downgraded to LOW per the Trust Scope Rule.
  • [COMMAND_EXECUTION] (SAFE): The PowerShell script scripts/appinsights.ps1 contains standard Azure CLI (az) commands for resource creation and configuration. These actions are transparent and aligned with the skill's stated purpose of Azure instrumentation.
  • [PROMPT_INJECTION] (LOW): The skill exposes an indirect prompt injection surface because it is instructed to analyze user source code to determine the framework.
      • Ingestion points: Application source code in the workspace (SKILL.md).
      • Boundary markers: Absent; the agent is not provided with specific delimiters for untrusted code.
      • Capability inventory: Azure CLI execution (scripts/appinsights.ps1) and code modification guidance.
      • Sanitization: Absent; no validation or escaping of ingested source code is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:34 AM