azure-keyvault-keys-ts
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- Secure Authentication Patterns: The skill correctly implements
DefaultAzureCredentialfor authentication, which is a best practice that automatically selects the most secure credential type based on the environment (e.g., Managed Identity in production, local CLI credentials in development). - Use of Official SDKs: The implementation relies exclusively on official Microsoft packages (
@azure/keyvault-keys,@azure/keyvault-secrets, and@azure/identity), ensuring reliability and adherence to expected behavior. - Data Handling and Environment Management: Configuration is handled through environment variables (
AZURE_KEYVAULT_NAME), avoiding hardcoded URLs or sensitive metadata within the skill files. - Indirect Prompt Injection Surface: Like any skill that retrieves data from external sources (in this case, Azure Key Vault secrets and key properties), there is a potential surface for indirect prompt injection if the retrieved content contains instructions. However, the skill treats this data as information for the user rather than instructions for the agent.
- Ingestion points: Data is ingested through
getSecret,getKey, and listing operations inSKILL.md,references/keys.md, andreferences/secrets.md. - Boundary markers: While explicit boundary markers are not shown in the snippets, the usage context is typically retrieving data for application configuration or cryptographic operations.
- Capability inventory: The skill is capable of reading, writing, and deleting keys and secrets, as well as performing cryptographic operations (sign, encrypt).
- Sanitization: The skill follows standard SDK practices, though users should ensure that data retrieved from secrets is handled appropriately by the agent context.
Audit Metadata