azure-mgmt-botservice-dotnet
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill provides high-privilege management operations for Azure resources which can be influenced by untrusted external data.
  - Ingestion points: `BotData` and `BotChannelData` properties in `SKILL.md` (e.g., `displayName`, `endpoint`, `Description`).
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used when interpolating data into resource definitions.
  - Capability inventory: Write/Execute capabilities including `CreateOrUpdateAsync`, `UpdateAsync`, and `DeleteAsync` for Azure Bot and Channel resources.
  - Sanitization: Absent; no evidence of input validation or escaping for resource properties.
- [EXTERNAL_DOWNLOADS] (LOW): Skill installs the `Azure.ResourceManager.BotService` and `Azure.Identity` NuGet packages.
  - Evidence: `dotnet add package` commands in `SKILL.md`.
  - Trust Status: Downgraded to LOW per [TRUST-SCOPE-RULE] as the source (Microsoft) is in the Trusted External Sources list.
- [CREDENTIALS_UNSAFE] (SAFE): Skill references Azure environment variables but correctly uses placeholders (e.g., `<tenant-id>`) and follows best practices by recommending `DefaultAzureCredential`.
Recommendations
- AI detected serious security threats
Audit Metadata