azure-role-selector
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection as it processes untrusted user input (desired permissions) to query documentation and generate executable CLI/Bicep code.
- Ingestion points: User-provided strings describing desired access levels in the skill description and instructions.
- Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands within the user input.
- Capability inventory: The skill generates CLI commands and Bicep code snippets (azure__extension_cli_generate, azure__bicepschema). It does not directly execute these commands on the host.
- Sanitization: No explicit sanitization or validation of the input permissions is defined in the instructions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected.
- [Unverifiable Dependencies] (SAFE): The skill does not install external packages or execute remote scripts; it relies solely on internal tool definitions.
- [Obfuscation] (SAFE): No evidence of Base64, zero-width characters, or other encoding techniques intended to hide malicious intent.
Audit Metadata