azure-ai-agents-persistent-dotnet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the
Azure.AI.Agents.PersistentandAzure.Identitypackages via the NuGet package manager. These are official Microsoft libraries, which are well-known and trusted sources. - [DATA_EXPOSURE]: The skill follows security best practices by using
Environment.GetEnvironmentVariableto handle sensitive configuration data, such as resource endpoints and connection IDs, preventing the exposure of hardcoded secrets. - [PROMPT_INJECTION]: The skill provides an architecture for processing external data, which inherently introduces a surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through user messages created via
client.Messages.CreateMessageAsyncand files uploaded usingclient.Files.UploadFileAsync. - Boundary markers: The provided code snippets demonstrate the structural separation of roles (User/Assistant), though they do not explicitly show content delimiters or instruction-guarding prompts.
- Capability inventory: The agent is granted capabilities to execute code (via
CodeInterpreterToolDefinition), perform web searches (viaBingGroundingToolDefinition), and execute local application logic (viaFunctionToolDefinition). - Sanitization: While the SDK provides the framework, the example code does not demonstrate specific sanitization of the arguments passed to local functions like
ExecuteFunction; this responsibility is deferred to the developer implementing the tool logic.
Audit Metadata