Skills
skills/microsoft/agent-skills/azure-mgmt-fabric-py/Gen Agent Trust Hub

azure-mgmt-fabric-py

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis

The skill consists of two markdown files: SKILL.md and references/acceptance-criteria.md.

SKILL.md Analysis:

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', role-play instructions) were found.
  2. Data Exfiltration: The skill uses os.environ to retrieve Azure subscription and resource group IDs, which is a standard and secure practice. It then uses the azure-mgmt-fabric SDK to interact with Azure APIs. These network operations are legitimate and target trusted Microsoft domains. No access to sensitive local files (e.g., ~/.ssh/id_rsa) or exfiltration to untrusted external domains was detected.
  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were found.
  4. Unverifiable Dependencies: The skill instructs pip install azure-mgmt-fabric and pip install azure-identity. Both azure-mgmt-fabric and azure-identity are official Azure SDK packages maintained by Microsoft, which is a trusted GitHub organization (Azure on GitHub). This is noted as a LOW/INFO finding due to being a trusted external source.
  5. Privilege Escalation: No commands like sudo, chmod +x, or modifications to system files were found.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs) were detected.
  7. Metadata Poisoning: The skill's metadata (name, description) is benign and accurately reflects its purpose.
  8. Indirect Prompt Injection: The skill interacts with external APIs (Azure). While any interaction with external data carries an inherent, general risk of indirect prompt injection if the external data itself is malicious, the skill's code does not introduce specific vulnerabilities in this regard. This is an INFO-level general risk for skills processing external content.
  9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were found.

references/acceptance-criteria.md Analysis: This file serves as a reference document for validating generated code and does not contain executable instructions for the agent. It reinforces secure practices, such as avoiding hardcoded credentials and using DefaultAzureCredential. It explicitly references https://github.com/Azure/azure-sdk-for-python as the repository for the SDK, confirming the trusted source for dependencies.

Conclusion: The skill is well-structured, uses official and trusted libraries, and follows recommended security practices for interacting with Azure. The only external dependencies are from Microsoft, which are considered trusted sources. Therefore, the overall risk is minimal.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 13, 2026, 10:25 AM