appinsights-instrumentation

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill is designed to analyze the source code in a user's workspace to identify the programming language and framework. While necessary for providing accurate instrumentation guidance, this creates a surface where specially crafted content in the workspace files could potentially influence the agent's behavior.
      • Ingestion points: Processes workspace source code to determine the framework and hosting environment (as described in SKILL.md).
      • Boundary markers: There are no specific delimiters or instructions provided to ignore potential embedded commands within the analyzed source code.
      • Capability inventory: The skill utilizes Azure CLI for resource management (scripts/appinsights.ps1) and provides instructions for modifying application source code and infrastructure-as-code (Bicep) files.
      • Sanitization: The instructions do not specify sanitization or validation steps for the data retrieved from the workspace.
  • External Command Execution: The skill includes PowerShell scripts that execute Azure CLI (az) commands to create and configure cloud resources. These commands are standard for Azure management and are used here to facilitate the setup of monitoring infrastructure.
  • Application Code Modification: The guidance encourages modifying application entry points (e.g., Program.cs, main files) to initialize telemetry. This is the skill's primary intended function: enabling Application Performance Monitoring (APM).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 09:36 PM