Skills
skills/microsoft/skills/azure-appconfiguration-py/Gen Agent Trust Hub

azure-appconfiguration-py

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • External Downloads (LOW): The skill installs azure-appconfiguration via pip. This is a verified package from a trusted organization (Microsoft).
  • Indirect Prompt Injection (MEDIUM): The skill retrieves data from a remote configuration service which could contain malicious instructions. Evidence: 1. Ingestion points: client.get_configuration_setting and client.list_configuration_settings in SKILL.md. 2. Boundary markers: None detected. 3. Capability inventory: The skill can create, update, and delete settings via client.set_configuration_setting and client.delete_configuration_setting which can modify remote state. 4. Sanitization: None detected in the provided examples.
  • Credentials (SAFE): The skill demonstrates secure practices by utilizing DefaultAzureCredential and environment variables for connection strings rather than hardcoded secrets.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 14, 2026, 04:58 PM