azure-mgmt-botservice-py
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- EXTERNAL_DOWNLOADS (INFO): The skill installs 'azure-mgmt-botservice' and 'azure-identity' via pip. These are official packages maintained by Microsoft, which is a trusted organization per security policy. No untrusted remote scripts are executed.
- CREDENTIALS_UNSAFE (LOW): The 'List Channel Keys' section demonstrates how to retrieve and print Direct Line keys. While this is a functional requirement for management, developers should be aware that these keys will be visible in the agent's execution logs and response context.
- COMMAND_EXECUTION (SAFE): No arbitrary command execution or shell injection vectors were detected. The only shell commands are standard package installation steps.
- PROMPT_INJECTION (SAFE): No override instructions, bypass markers, or system prompt extraction patterns were found in the metadata or documentation.
- DATA_EXFILTRATION (SAFE): The skill does not perform unauthorized network requests. All operations are directed at the official Azure Management API endpoints via the SDK.
Audit Metadata