azd-deployment

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill facilitates arbitrary shell command execution by documenting and providing templates for azd lifecycle hooks (e.g., preprovision, postprovision) in the azure.yaml file.
  • [CREDENTIALS_UNSAFE] (INFO): A mock OpenAI secret (sk-12345) is present in the acceptance criteria, but it is used specifically as a negative example of an anti-pattern.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill exposes the agent to indirect prompt injection by instructing it to process and act upon untrusted project configuration files.
    1. Ingestion points: azure.yaml, infra/*.bicep, and main.parameters.json files.
    2. Boundary markers: No delimiters or ignore-instructions warnings are specified in the templates.
    3. Capability inventory: Local shell command execution via hooks and high-privilege Azure resource provisioning.
    4. Sanitization: No sanitization or validation of the contents of these configuration files is described before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:46 AM