azure-ai-projects-ts
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. The skill configurations allow agents to ingest untrusted data from external sources.
  - Ingestion points: Data enters the agent's context through tools such as `file_search`, `web_search_preview`, and external `mcp` servers as defined in SKILL.md.
  - Boundary markers: The provided code snippets do not include delimiters or specific instructions for the model to ignore embedded commands within tool outputs.
  - Capability inventory: Agents are granted functional capabilities including `code_interpreter` and custom `function` calling.
  - Sanitization: No input validation or output sanitization of external tool data is demonstrated.
- [SAFE]: The skill relies on official packages (@azure/ai-projects, @azure/identity) from Microsoft/Azure, which is recognized as a trusted organization.
- [SAFE]: Authentication is correctly implemented using `DefaultAzureCredential`, which avoids the risk of hardcoded secrets or exposed API keys.