azure-storage-file-share-py

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill presents a high-risk surface for indirect prompt injection attacks. It reads data from external Azure shares and possesses capabilities that allow for destructive side effects or data manipulation.
    • Ingestion points: file_client.download_file().readall() and directory_client.list_directories_and_files() in SKILL.md.
    • Boundary markers: No markers or warnings to ignore instructions within files are present.
    • Capability inventory: create_share, delete_share, delete_directory, upload_file, delete_file, and start_copy_from_url in SKILL.md.
    • Sanitization: None.
  • [Data Exfiltration] (MEDIUM): The upload_file and start_copy_from_url methods provide a direct mechanism for moving sensitive local data or files to a remote Azure storage account controlled by an external actor.
  • [External Downloads] (LOW): The skill depends on azure-storage-file-share and azure-identity. These packages are maintained by Microsoft/Azure and are classified as trusted sources, which downgrades the download finding severity to LOW per the [TRUST-SCOPE-RULE].
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 05:00 PM