azure-cosmos-db-py

Pass

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: LOW
Full Analysis
  • [PROMPT_INJECTION] (SAFE): No attempts to override system prompts, bypass safety filters, or extract underlying instructions were detected.
  • [CREDENTIALS_UNSAFE] (LOW): The skill contains the hardcoded Azure Cosmos DB Emulator key (C2y6yDjf5/R+ob0N8A7Cgv30...). This is a publicly documented key used globally for local testing and does not pose a security risk. The skill explicitly warns users to never store production keys in code and mandates RBAC for Azure environments.
  • [DATA_EXFILTRATION] (SAFE): No suspicious network activity or attempts to access sensitive local files (~/.ssh, ~/.aws) were found. All network operations are directed at legitimate Azure endpoints defined by the user.
  • [REMOTE_CODE_EXECUTION] (SAFE): The skill does not perform any remote script downloads or execute code from external URLs. All dependencies are standard packages from PyPI.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a code generation skill, there is an inherent surface for generating vulnerable code. However, the skill mitigates this by providing templates that strictly use parameterized SQL queries (@parameter syntax) and structured Pydantic models, which are the primary defenses against injection in this context.
  • [COMMAND_EXECUTION] (SAFE): The skill does not use subprocess, os.system, or any other mechanism to execute arbitrary shell commands.
  • [OBFUSCATION] (SAFE): No Base64, zero-width characters, or homoglyph-based obfuscation techniques were identified in the source code or instructions.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 14, 2026, 04:59 PM