azure-keyvault-secrets-ts
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill utilizes official, well-maintained packages from a trusted organization (@azure/keyvault-secrets, @azure/identity, @azure/keyvault-keys). Per [TRUST-SCOPE-RULE], these are considered safe as they are from a primary trusted source.
- CREDENTIALS_UNSAFE (SAFE): The skill and its acceptance criteria explicitly warn against hardcoding secrets. It correctly implements DefaultAzureCredential, which supports secure authentication methods like Managed Identity and Environment Variables without exposing sensitive material in the code.
- DATA_EXFILTRATION (SAFE): No evidence of unauthorized data transfer was found. Network operations are strictly confined to the specified Azure Key Vault URL.
- PROMPT_INJECTION (SAFE): While the skill allows the agent to read secrets from an external source (Azure Key Vault), this capability is the primary intended purpose and no evidence of unsafe interpolation of these secrets into system prompts or instructions is present in the provided documentation.
Audit Metadata