hosted-agents-v2-py
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- EXTERNAL_DOWNLOADS (INFO): The skill requires 'azure-ai-projects' and 'azure-identity' which are official SDKs from Microsoft, a trusted organization. Finding is downgraded to INFO per trust rules.
- REMOTE_CODE_EXECUTION (INFO): The skill documents how to deploy hosted agents that run custom container images and use code execution tools. While this creates a high-capability environment, it is the intended functionality of the Azure service and is performed through official API calls.
- CREDENTIALS_UNSAFE (SAFE): The skill demonstrates best practices by using 'DefaultAzureCredential' and environment variables for the project endpoint, avoiding any hardcoded secrets.
- INDIRECT_PROMPT_INJECTION (LOW): The architecture described (agents with code_interpreter and mcp tools) exposes an attack surface for indirect prompt injection:
  1. Ingestion points: agent interactions via the RESPONSES protocol.
  2. Boundary markers: not specified in this deployment template.
  3. Capability inventory: code_interpreter, file_search, mcp (network tool calls).
  4. Sanitization: not provided in the boilerplate.
  This is an architectural risk of the feature, not a malicious pattern in the skill code.
Audit Metadata