azure-ai-projects-dotnet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for official Microsoft Azure SDK packages (Azure.AI.Projects, Azure.Identity, Azure.AI.Projects.OpenAI) from the NuGet registry, which is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection through its data ingestion and agent execution capabilities.
- Ingestion points: The Datasets section in SKILL.md provides methods to upload local files and folders (
UploadFile,UploadFolder) into the Azure AI environment. - Boundary markers: The provided C# code snippets do not include explicit boundary markers or system instructions to the AI to ignore embedded commands within ingested datasets.
- Capability inventory: The skill provides access to create and run persistent and versioned agents (
CreateAgentAsync,CreateRunAsync,CreateResponse), which represents a mechanism for the AI to potentially follow instructions present in the ingested data. - Sanitization: The code snippets do not demonstrate sanitization or validation of the contents of files before they are uploaded and processed.
Audit Metadata