azure-ai-ml-py
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill installs the
azure-ai-mlpackage. As this is an official Microsoft package, the download risk is considered low under [TRUST-SCOPE-RULE]. - [Indirect Prompt Injection] (HIGH): The skill has a significant injection surface because it can execute code and commands based on untrusted external data. 1. Ingestion points: Ingests local files (
./src), configurations (./environment.yml), and remote data assets. 2. Boundary markers: None present. 3. Capability inventory: High-impact actions like job submission and compute management. 4. Sanitization: No sanitization of code or parameters is performed. - [Dynamic Execution] (HIGH): The use of command templates (e.g.,
python train.py --data ${{inputs.data}}) allows for the creation and execution of code strings on Azure compute. If inputs are sourced from untrusted data, this could be exploited. - [Data Exposure & Exfiltration] (LOW): It accesses sensitive environment variables like
AZURE_SUBSCRIPTION_ID. While necessary for operation, this sensitive metadata is accessed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata