create-azure-agent
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's `subprocess` module to execute `claude` and `copilot` CLI tools. These executions are core to the skill's purpose: performing automated evaluations of skill descriptions and running optimization loops to improve trigger rates.
  - Evidence: Found in `scripts/run_eval.py`, `scripts/improve_description.py`, and `scripts/run_loop.py`.
- [COMMAND_EXECUTION]: The `scripts/generate_review.py` utility executes `lsof` to manage port availability for its local visualization server.
- [DATA_EXPOSURE]: The skill includes a local visualization tool (`scripts/generate_review.py`) that starts a tiny HTTP server on `127.0.0.1` to serve evaluation reports and artifacts to the developer's browser. This is a standard developer workflow pattern for results visualization.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes external `SKILL.md` files provided by the user to generate Azure deployment wrappers.
  - Ingestion points: `scripts/scaffold_azure_agent.py` reads user-specified `SKILL.md` files.
  - Boundary markers: Absent; the content is interpolated directly into templates.
  - Capability inventory: The skill can write files to the local disk and execute `claude` CLI commands via subprocesses.
  - Sanitization: Uses Python string templates and `.format()` for code generation.
- [DYNAMIC_EXECUTION]: The skill dynamically generates Python orchestrators and Bicep infrastructure templates using Jinja2 or string templates. It also dynamically creates and deletes Markdown files in the `.claude/commands/` directory during evaluation phases to test model trigger behavior.
Audit Metadata