azure-resource-manager-sql-dotnet
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Potential for Indirect Prompt Injection. The skill enables an agent to take untrusted data and use it in high-privilege Azure Resource Manager (ARM) operations. 1. Ingestion points: User-provided parameters for resource names, IP addresses, and passwords in CreateOrUpdateAsync and DeleteAsync methods (SKILL.md, references/server-management.md, references/database-operations.md, references/elastic-pools.md). 2. Boundary markers: Absent. The provided C# code snippets do not include logic to delimit untrusted input from system instructions. 3. Capability inventory: High-privilege management-plane access including server/database deletion and firewall rule modification. 4. Sanitization: Absent. There is no evidence of input validation or sanitization for the parameters.
- [EXTERNAL_DOWNLOADS] (LOW): Skill instructs installation of Azure.ResourceManager.Sql and Azure.Identity. These are official packages from Microsoft (Trusted Source). Severity is downgraded per [TRUST-SCOPE-RULE].
- [CREDENTIALS_UNSAFE] (SAFE): Code examples use placeholders and generic example strings for credentials. No actual secrets are exposed.
Recommendations
- AI detected serious security threats
Audit Metadata