azure-resource-visualizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted metadata from Azure resources.\n
- Ingestion points: Untrusted resource data is fetched via
az resource listandaz network vnet showinSKILL.md.\n - Boundary markers: Absent. The skill does not implement delimiters or provide instructions to the agent to ignore embedded commands within resource properties.\n
- Capability inventory: The agent can execute terminal commands (
az) and write files to the workspace (e.g.,[rg-name]-architecture.md).\n - Sanitization: Absent. Resource names, tags, and properties are included directly in generated diagrams and markdown reports without validation.\n- [Command Execution] (LOW): The skill utilizes local shell execution for Azure resource discovery. The interpolation of resource or group names into terminal commands (
az resource list --resource-group <name>) without explicit sanitization creates a potential surface for command injection.
Audit Metadata