azure-storage-file-datalake-py
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill azure-storage-file-datalake-py is primarily descriptive, detailing the usage of the Azure Data Lake Storage Gen2 SDK for Python. It contains code snippets for various operations and installation instructions.
1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', role-play, developer mode activation) were found in the skill's name, description, or content.
2. Data Exfiltration: No attempts to access sensitive local files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or exfiltrate data to non-whitelisted external domains were detected. The network operations implied by the SDK are directed towards legitimate Azure endpoints (https://<account>.dfs.core.windows.net). The references/acceptance-criteria.md file explicitly warns against hardcoding credentials, which is a good security practice.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were found in either file.
4. Unverifiable Dependencies: The SKILL.md file includes the instruction pip install azure-storage-file-datalake azure-identity (Line 12). These are official Azure SDK packages. The references/acceptance-criteria.md file also references the Azure/azure-sdk-for-python GitHub repository. Since 'Azure' (under 'microsoft') is a trusted GitHub organization, this external dependency download is considered low risk. This is noted as a LOW severity finding.
5. Privilege Escalation: No commands like sudo, chmod +x, or chmod 777 were found that would attempt to escalate privileges.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs, or altering SSH authorized_keys) were found.
7. Metadata Poisoning: The metadata fields (name, description, package) in SKILL.md are benign and accurately reflect the skill's purpose. No malicious instructions were embedded.
8. Indirect Prompt Injection: The skill does not process external, untrusted user input in a way that would make it susceptible to indirect prompt injection. It provides code examples for interacting with a data lake.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counters, or environment variables that could trigger malicious behavior at a later time were found.
Conclusion: The skill is well-behaved and primarily serves as documentation with code examples for a legitimate SDK. The only finding is the installation of external dependencies, which are from a trusted source, leading to a LOW verdict.