Skills
skills/microsoft/skills/azure-mgmt-apimanagement-dotnet/Gen Agent Trust Hub

azure-mgmt-apimanagement-dotnet

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill contains patterns for retrieving and printing sensitive API Management subscription keys (Primary/Secondary). While functional, in an AI agent context, this leads to the exposure of credentials to the model's output or logs.
  • Evidence: references/products-subscriptions.md and SKILL.md both use subscription.GetSecretsAsync() and Console.WriteLine to display keys.
  • [PROMPT_INJECTION] (HIGH): Category 8 (Indirect Prompt Injection). The skill includes functionality to import API definitions from external URLs and files. An attacker-controlled OpenAPI specification or policy XML could contain instructions to influence the agent's behavior during the import or management process.
  • Ingestion Points: apis-operations.md uses ContentFormat.OpenApiJsonLink and File.ReadAllText for OpenAPI specs.
  • Boundary Markers: Absent. No sanitation or boundary markers are defined for the imported content.
  • Capability Inventory: High. The skill can create, update, and delete Azure infrastructure resources and retrieve secrets.
  • Sanitization: Absent. No validation of external OpenAPI schemas is mentioned.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill downloads official Microsoft SDKs from NuGet and fetches OpenAPI definitions from remote URLs.
  • Evidence: dotnet add package Azure.ResourceManager.ApiManagement and remote fetching from https://petstore.swagger.io/v2/swagger.json.
  • Trusted Source: NuGet and Microsoft-owned packages are trusted, downgrading this specific finding to LOW.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 11:11 AM