azure-resource-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- Standard Azure CLI Integration: The skill utilizes the
azcommand-line interface and the officialresource-graphextension. These are standard, well-documented tools for Azure administration provided by the vendor.\n- Read-Only Scope: The instructions specifically restrict the skill to resource discovery and health checks, explicitly prohibiting any deployment or modification of resources. This helps maintain a secure posture and prevents unintended changes to the infrastructure.\n- Controlled Command Generation: By usingextension_cli_generate, the skill structures the way KQL queries are built, ensuring they are focused on specific resource lookup tasks rather than arbitrary execution.\n- Resource Metadata Ingestion Surface: The skill processes external Azure resource data like names and tags. \n - Ingestion points: External metadata enters the context via
az graph queryresults in theazure-resource-lookupskill.\n - Boundary markers: No specific delimiters are used to separate resource data from instructions in the prompt construction.\n
- Capability inventory: The skill uses
az graph queryandextension_cli_generateacross its workflow.\n - Sanitization: No explicit sanitization or filtering of resource metadata is performed before the data is processed by the agent.\nWhile this represents a potential surface for indirect instruction, the risk is minimal given the skill's administrative purpose and the agent's constrained usage of the output.
Audit Metadata