azure-resource-lookup

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill generates and executes az graph query commands via extension_cli_generate. This is the intended behavior for resource discovery and is constrained to read-only KQL queries.
  • EXTERNAL_DOWNLOADS (LOW): The skill may prompt for the installation of the resource-graph extension via az extension add. While this targets a trusted Microsoft source, dynamic package installation is a category finding and is downgraded to LOW per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): The skill processes untrusted data from Azure (Category 8: Indirect Prompt Injection).
      1. Ingestion points: Results from az graph query (resource names, tags).
      2. Boundary markers: No explicit delimiters or ignore-instructions are used for the output data.
      3. Capability inventory: CLI execution and resource discovery.
      4. Sanitization: No sanitization of the resource metadata is performed before passing to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:34 AM