azure-ai-projects-ts
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill instructs the user to install packages from @azure and @opentelemetry scopes via npm. These are trusted sources (Microsoft/Azure ecosystem) and the usage is consistent with the skill's primary purpose.
- [CREDENTIALS_UNSAFE] (SAFE): The skill demonstrates how to retrieve credentials from Azure connections using client.connections.getWithCredentials(). This is core administrative functionality of the SDK. The documentation explicitly includes a 'Best Practices' section warning against logging these credentials and recommending Entra ID (AAD) over API keys.
- [COMMAND_EXECUTION] (SAFE): Code examples include configuring a code_interpreter tool for agents. This is an intended feature of the Azure AI platform where code execution occurs within managed, isolated containers.
- [DATA_EXFILTRATION] (SAFE): The skill shows how to upload local files and folders to Azure datasets. This is a standard operation for building and evaluating AI models and does not constitute unauthorized exfiltration in this context.
- [REMOTE_CODE_EXECUTION] (LOW): The skill mentions the Model Context Protocol (MCP) tool, which connects to a remote server. While this involves remote interaction, it is a standard extensibility point for AI agents, and the example requires explicit user approval ('require_approval: always').
Audit Metadata