azure-identity-py
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill consists of two markdown files: SKILL.md and references/acceptance-criteria.md. Both files primarily provide documentation, code examples, and best practices for using the Azure Identity SDK for Python. No executable scripts are present within the skill files themselves.
1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'jailbreak') were found in either file.
2. Data Exfiltration: The skill explicitly warns against hardcoding credentials and demonstrates the use of environment variables (os.environ) for sensitive information, which is a secure practice. No commands or code snippets were found that attempt to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or exfiltrate data to external, untrusted domains.
3. Obfuscation: No obfuscation techniques (e.g., Base64 encoding, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in either file.
4. Unverifiable Dependencies:
SKILL.md(Line 15) instructs the user to runpip install azure-identity. While this is an external dependency,azure-identityis part of the official Microsoft Azure SDK for Python, andmicrosoftis a trusted GitHub organization. Therefore, this finding is downgraded to LOW/INFO severity as it refers to a trusted external source.
5. Privilege Escalation: No commands or instructions were found that attempt to escalate privileges (e.g., sudo, chmod 777, service installation).
6. Persistence Mechanisms: No instructions were found that attempt to establish persistence (e.g., modifying ~/.bashrc, crontab, authorized_keys).
7. Metadata Poisoning: The name and description fields in SKILL.md are benign and accurately reflect the skill's purpose. No malicious instructions were found embedded in metadata.
8. Indirect Prompt Injection: The skill does not process external user-provided content, so it is not susceptible to indirect prompt injection.
9. Time-Delayed / Conditional Attacks: No conditional logic based on time, usage, or environment variables was found that could trigger malicious behavior.
Conclusion: The skill is well-documented and promotes secure coding practices (e.g., not hardcoding secrets). The only external dependency is from a trusted source. No active threats were identified.