azure-cosmos-py
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- Managed Identity Authentication: The skill uses DefaultAzureCredential, the recommended pattern for Azure services: it avoids hardcoded secrets and resolves the credential appropriate to the environment it runs in (Managed Identity in Azure, developer or CLI login locally).
- Injection Mitigation: The reference guides explicitly warn against string interpolation in queries and give detailed examples of parameterized queries, which keep caller-supplied values separate from the query text and so protect against query injection.
- Official Package Usage: The installation instructions use the official, versioned Microsoft packages (azure-cosmos, azure-identity), so the code that talks to Azure comes from a trusted source.
- Data Handling Considerations: The skill processes data returned from an external database. Because stored items may contain text an attacker controls, this is a potential indirect injection surface; the implementation mitigates it through safe practices:
  - Ingestion points: Data enters via container.read_item in SKILL.md and container.query_items in references/query-patterns.md.
  - Boundary markers: The skill consistently uses parameterized queries to separate data from instructions.
  - Capability inventory: The skill is scoped to database operations using the standard azure-cosmos library.
  - Sanitization: The instructions emphasize parameterization and the use of SDK-provided methods for safe data retrieval and handling.
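As an added example (not code from the skill or from this audit), the interpolated query the reference guides warn against is shown beside the parameterized form they recommend, together with the DefaultAzureCredential connection path. The `city` field, the environment variable names, the constructed attacker input and the `InMemoryContainer` stand-in for the SDK's ContainerProxy are all assumptions made so the example runs offline; only `connect_with_managed_identity` touches the real SDK.

```python
"""Parameterized azure-cosmos queries with Managed Identity auth (added example)."""
import os
from typing import Any, Dict, List, Tuple

# Constructed attacker input (assumption): if spliced into the query text it
# closes the string literal and widens the filter to every item in the container.
MALICIOUS_CITY = "x' OR 1=1 OR c.city = 'x"

SAFE_QUERY = "SELECT * FROM c WHERE c.city = @city"


def build_unsafe_query(city: str) -> str:
    """The pattern the reference guides warn against: string interpolation.

    The caller-supplied value becomes part of the query *structure*.
    """
    return f"SELECT * FROM c WHERE c.city = '{city}'"


def build_safe_query(city: str) -> Tuple[str, List[Dict[str, Any]]]:
    """Parameterized form: the value travels in a separate parameters list,
    in the shape azure-cosmos expects ([{"name": "@city", "value": ...}])."""
    return SAFE_QUERY, [{"name": "@city", "value": city}]


def query_is_structurally_altered(query: str) -> bool:
    """Demonstration heuristic only: a single string literal needs exactly two
    quotes, so more than two means the untrusted value escaped its literal."""
    return query.count("'") > 2


def fetch_customers_by_city(container, city: str) -> List[Dict[str, Any]]:
    """Run the parameterized query against a ContainerProxy-like object.

    `container` must expose azure-cosmos ContainerProxy.query_items(query=...,
    parameters=..., enable_cross_partition_query=...). The untrusted value is
    never concatenated into the query text.
    """
    query, parameters = build_safe_query(city)
    return list(
        container.query_items(
            query=query,
            parameters=parameters,
            enable_cross_partition_query=True,
        )
    )


class InMemoryContainer:
    """Constructed stand-in for ContainerProxy so the example runs offline.

    It mimics only the @param rule that matters here: the parameter value is
    compared as data and is never substituted into the query text.
    """

    def __init__(self, items: List[Dict[str, Any]]):
        self._items = items

    def query_items(self, query, parameters=None, enable_cross_partition_query=False):
        if query != SAFE_QUERY:
            raise ValueError("stand-in supports only the example query")
        value = {p["name"]: p["value"] for p in parameters or []}["@city"]
        return (item for item in self._items if item.get("city") == value)


def connect_with_managed_identity():
    """Real connection path (not exercised offline). DefaultAzureCredential
    resolves Managed Identity, workload identity, Azure CLI login and so on,
    so no account key is embedded in the skill. Environment variable names
    are assumptions."""
    from azure.cosmos import CosmosClient
    from azure.identity import DefaultAzureCredential

    client = CosmosClient(os.environ["COSMOS_ENDPOINT"], credential=DefaultAzureCredential())
    database = client.get_database_client(os.environ["COSMOS_DATABASE"])
    return database.get_container_client(os.environ["COSMOS_CONTAINER"])


if __name__ == "__main__":
    # Constructed sample items (assumption) standing in for container contents.
    container = InMemoryContainer(
        [{"id": "1", "city": "Seattle"}, {"id": "2", "city": "Oslo"}]
    )
    print("unsafe text:", build_unsafe_query(MALICIOUS_CITY))
    print("structure altered:", query_is_structurally_altered(build_unsafe_query(MALICIOUS_CITY)))
    print("safe query:", build_safe_query(MALICIOUS_CITY))
    print("matches for Seattle:", fetch_customers_by_city(container, "Seattle"))
    print("matches for attacker input:", fetch_customers_by_city(container, MALICIOUS_CITY))
```

Against a real container, replace `InMemoryContainer(...)` with `connect_with_managed_identity()`; `fetch_customers_by_city` is unchanged, which is the point: the parameterized call signature is the same whether the value is benign or hostile.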
Audit Metadata