appinsights-instrumentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data ingestion patterns.
- Ingestion points: The main skill instructions (SKILL.md) direct the agent to 'Read the source code to make an educated guess' about the programming language and framework.
- Boundary markers: Absent. There are no instructions to the agent to treat source code as untrusted data or to use specific delimiters.
- Capability inventory: The skill has the ability to execute Azure CLI commands (az), install system/language packages (npm, pip, dotnet), and modify the user's source code.
- Sanitization: Absent. No escaping or validation is performed on the content read from the workspace before it influences the agent's decision-making flow.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references and installs official Microsoft packages (Azure.Monitor.OpenTelemetry.AspNetCore, @azure/monitor-opentelemetry, and azure-monitor-opentelemetry) from trusted registries. These qualify for downgraded severity under [TRUST-SCOPE-RULE].
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard Azure CLI (az) commands for resource creation and environment configuration, which are consistent with its stated purpose of cloud infrastructure management.
Audit Metadata