azure-observability
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill enables the agent to query and analyze external telemetry data from Azure Monitor and Log Analytics, creating a surface for indirect prompt injection. * Ingestion points: Results from monitor_logs_query and kusto_query commands referenced in SKILL.md. * Boundary markers: No specific markers or instructions to ignore embedded commands within log data are provided. * Capability inventory: Primarily read-only telemetry queries and resource management via CLI and MCP tools. * Sanitization: No sanitization of ingested log strings is mentioned in the referenced SDK documentation.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references the installation of multiple external Azure SDK packages across various environments. * Evidence: References to pip install azure-monitor-*, npm install @azure/monitor-opentelemetry, and Maven dependency blocks. * Trust Status: Downgraded to LOW per [TRUST-SCOPE-RULE] as these refer to official packages from Microsoft/Azure, which is a trusted organization.
Audit Metadata