azure-monitor-opentelemetry-py
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection Surface. The skill facilitates the ingestion of untrusted application data (logs, traces, metrics) and its transmission to external Azure endpoints.
  - Ingestion points: Data enters the agent context through calls to logger.info, tracer.start_as_current_span, and counter.add as demonstrated in SKILL.md.
  - Boundary markers: Absent; the library and examples do not implement delimiters or 'ignore' instructions for the data being logged or traced.
  - Capability inventory: The skill enables network transmission of telemetry data to Azure Ingestion endpoints (e.g., applicationinsights.azure.com) as configured via the connection string.
  - Sanitization: No sanitization or filtering of log/trace content is performed by the distro itself, allowing potentially malicious instructions in application data to be transmitted.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires several Python packages including azure-monitor-opentelemetry, azure-identity, and opentelemetry-api. These are provided by Microsoft (azure organization) and the OpenTelemetry project, which are trusted sources; therefore, the dependency finding is downgraded per [TRUST-SCOPE-RULE].
- [SAFE] (INFO): Automated Scanner Alert Analysis. The 'Malicious URL' alert for logger.info is a false positive. The scanner misidentified a standard Python logging method call as a blacklisted domain.
- [CREDENTIALS_UNSAFE] (SAFE): The skill properly handles sensitive information by using placeholders (xxx) in examples and recommending the use of environment variables or DefaultAzureCredential for production authentication, adhering to security best practices.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE