create-azure-agent
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading the contents of a local SKILL.md file and interpolating the text directly into a generated Python script's instructions. If the source file contains malicious instructions, they will be embedded in the output agent configuration.\n
- Ingestion points: scripts/scaffold_azure_agent.py reads content from the target SKILL.md.\n
- Boundary markers: Absent. The content is placed inside a string literal in the Python template without escaping.\n
- Capability inventory: The skill has filesystem write access via Path.write_text to create the deployment directory.\n
- Sanitization: Absent. No filtering or escaping is applied to the input text before templating.\n- [COMMAND_EXECUTION]: The scripts/scaffold_azure_agent.py script uses string formatting to generate executable Python code. It does not sanitize the skill_name (derived from the directory name) or the file contents. This allows for injection of arbitrary Python code or arguments into the generated azure_agent.py file if the user scaffolds a maliciously named directory.
Audit Metadata