azure-validate
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill uses directive language such as 'AUTHORITATIVE GUIDANCE' and 'supersedes prior training' to ensure the agent follows the specific validation workflow. While common in skill definitions, this matches internal patterns for behavior overriding.
- COMMAND_EXECUTION (SAFE): The skill instructions involve executing standard infrastructure commands (e.g., `az bicep build`, `terraform plan`, `azd provision`). These are the primary purpose of the skill and do not include arbitrary or malicious command strings.
- EXTERNAL_DOWNLOADS (SAFE): Uses standard mechanisms for infrastructure tools, such as `terraform init`, which downloads providers, and MCP tool calls to install official Azure CLIs. These are directed at trusted or official sources.
- PROMPT_INJECTION (LOW): Identified as a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Reads content from `.azure/plan.md`, `./infra/main.bicep`, `./infra/main.tf`, and `./azure.yaml`.
  - Boundary markers: No specific delimiters (e.g., XML tags) are used to isolate untrusted infrastructure code from instructions.
  - Capability inventory: The skill executes commands via `az`, `azd`, and `terraform`, which can perform extensive cloud and local operations.
  - Sanitization: No explicit sanitization or validation of the input file content is described before it is processed by the CLI tools.
Audit Metadata