azure-storage-blob-rust
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-severity vulnerability surface for indirect prompt injection because it reads untrusted external data and has side-effect capabilities.
- Ingestion points: Data enters the agent's context through the
blob_client.download(None).await?call inSKILL.md. - Boundary markers: There are no delimiters or instructions provided to the agent to treat the downloaded blob content as untrusted data.
- Capability inventory: The skill includes
upload,delete, andcontainer_client.createoperations. An attacker could place a malicious prompt inside a blob that, when read by the agent, instructs it to delete other containers or upload sensitive data to an attacker-controlled blob. - Sanitization: No sanitization or validation is performed on the downloaded bytes before they are collected into the agent's memory.
- External Downloads (LOW): The skill installs external dependencies via
cargo add. - Evidence:
cargo add azure_storage_blob azure_identityinSKILL.md. - Trusted Source: The crates are maintained by the official
AzureGitHub organization, which is a trusted source. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
Recommendations
- AI detected serious security threats
Audit Metadata