azure-observability
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- General (SAFE): The skill is composed entirely of markdown documentation providing references for Azure Monitor, Log Analytics, and Application Insights. No executable code or automation scripts are included in the package.
- Data Exposure (SAFE): The documentation correctly recommends security best practices, such as using Azure Identity (DefaultAzureCredential) and Azure Key Vault for connection strings. No hardcoded credentials, API keys, or sensitive local file paths were detected.
- Indirect Prompt Injection (LOW): The skill describes tools for querying logs (e.g., monitor_logs_query), which presents a potential surface for indirect prompt injection if an attacker places malicious instructions in the logs of a monitored system. (1) Ingestion points: azure__monitor and azure__kusto query tools. (2) Boundary markers: Not specified in documentation. (3) Capability inventory: CLI commands and SDK query methods. (4) Sanitization: Not explicitly addressed in the markdown reference. This is an inherent risk of log analysis tools rather than a specific flaw in this skill.
- Code Execution (SAFE): The documentation lists standard package installation commands (pip, npm, maven) and CLI usage for developer reference. These are informational and are not executed by the skill itself.