azure-resource-manager-cosmosdb-dotnet
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill enables full management plane operations (Create, Update, Delete) on Azure Cosmos DB resources. This allows an agent to modify cloud infrastructure, which is a high-privilege capability.
- [CREDENTIALS_UNSAFE] (HIGH): The skill includes explicit patterns for retrieving master account keys (
GetKeysAsync) and connection strings (GetConnectionStringsAsync). These are 'root' credentials for the database accounts. - [DATA_EXFILTRATION] (HIGH): Combined with network capabilities or standard output, the ability to fetch master keys allows an agent to exfiltrate full access credentials for the Azure environment.
- [Indirect Prompt Injection] (HIGH):
- Ingestion points: Resource names, configuration payloads, and metadata fields across all management operations.
- Boundary markers: None are present in the provided examples to separate instructions from resource data.
- Capability inventory: Full infrastructure CRUD (Create, Read, Update, Delete) and master key retrieval across
SKILL.md,references/account-management.md, andreferences/throughput.md. - Sanitization: No input validation or sanitization logic is provided to ensure that parameters like database names or configuration strings do not contain malicious instructions.
- [EXTERNAL_DOWNLOADS] (LOW): Downloads official Microsoft packages (
Azure.ResourceManager.CosmosDB,Azure.Identity) from NuGet. These are from a trusted organization (Microsoft), which downgrades the download risk per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata