azure-mgmt-apimanagement-py
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs 'azure-mgmt-apimanagement' and 'azure-identity'. These are official Microsoft packages and are considered trusted sources per [TRUST-SCOPE-RULE].
- [DATA_EXFILTRATION] (HIGH): Data Exposure finding. The skill explicitly demonstrates printing the 'subscription.primary_key'. This practice exposes highly sensitive administrative credentials to the agent's output context or logs, which could be captured by unauthorized parties.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface (Category 8).
  - Ingestion points: The skill fetches external OpenAPI definitions via the 'ContentFormat.OPENAPI_LINK' parameter from arbitrary URLs (e.g., swagger.io) in 'SKILL.md'.
  - Boundary markers: None. External content is ingested and processed without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill possesses high-privilege write capabilities, including the ability to create/update APIs, backends, secrets, and XML-based policies in 'SKILL.md'.
  - Sanitization: None. The skill assumes the integrity of external specs. A malicious OpenAPI specification could contain instructions to manipulate the agent or lead to the deployment of insecure infrastructure (e.g., unauthorized backends or policy-based data exfiltration).
Recommendations
- AI detected serious security threats