azure-ai-projects-py
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- CREDENTIALS_UNSAFE (LOW): The skill documentation and examples demonstrate the use of project_client.connections.get(..., include_credentials=True). While this is a legitimate SDK feature for managing Azure resources, it provides a programmatic path to retrieve secrets for external services (like Bing or AI Search) which could be abused if the agent is given autonomy to manage its own connections.
- COMMAND_EXECUTION (LOW): The skill enables CodeInterpreterTool and FunctionTool. These tools allow for the execution of Python code (within Azure's sandbox) and local Python functions respectively. These are intended features but represent a runtime execution surface that must be strictly bounded.
- Indirect Prompt Injection (LOW): As a developer toolkit for building agents that ingest untrusted external data (via BingGroundingTool, FileSearchTool, and AzureAISearchTool), the skill facilitates the creation of applications with a high attack surface for indirect prompt injection. Developers using this skill should implement sanitization and boundary markers in their downstream applications.
Audit Metadata