azure-ai-vision-imageanalysis-py
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content via OCR and image captioning.
- Ingestion points: Untrusted data enters through
image_urlinanalyze_from_urland local files inanalyze(SKILL.md). - Boundary markers: Absent; the skill does not provide delimiters or instructions to the agent to treat the vision results (OCR text, captions) as untrusted data.
- Capability inventory: The skill has network access (Azure API) and file-read capabilities, which can be leveraged if an agent obeys instructions extracted from an image.
- Sanitization: Absent; the output from Azure AI (text, tags, and captions) is passed directly to the agent without validation or escaping.
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs
azure-ai-vision-imageanalysis. This is a Microsoft-maintained package. Under the [TRUST-SCOPE-RULE], downloads from trusted organizations like Microsoft are downgraded to LOW severity. - [DATA_EXFILTRATION] (LOW): The skill transmits image data and API keys to Azure Cognitive Services (
*.cognitiveservices.azure.com). While these are non-whitelisted domains, they are owned by a trusted organization (Microsoft) and are essential for the skill's function.
Audit Metadata