Skills
skills/microsoft/skills/azure-cosmos-py/Gen Agent Trust Hub

azure-cosmos-py

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): This skill creates a high-privilege attack surface where data retrieved from an external database could influence agent behavior.
  • Ingestion points: Data is ingested through container.query_items and container.read_item as documented in SKILL.md.
  • Boundary markers: No specific delimiters or boundary instructions are provided to the agent to mitigate the execution of instructions found in database records.
  • Capability inventory: The skill provides significant write and delete capabilities via create_item, replace_item, upsert_item, and delete_item in SKILL.md.
  • Sanitization: While the skill promotes parameterized queries to prevent SQL injection, it does not provide sanitization for instructions contained within the retrieved data itself.
  • [External Downloads] (LOW): The skill requires azure-cosmos and azure-identity. These are official Microsoft packages from a trusted source, so the severity of the download finding is downgraded per trust rules.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 04:59 PM