azure-appconfiguration-py
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install
azure-appconfigurationandazure-identity. These are official Microsoft libraries, which are considered trusted sources according to the established safety rules. - [CREDENTIALS_UNSAFE]: The skill documentation describes authentication methods using environment variables for connection strings and endpoints. It uses safe placeholders like
Secret=...and<name>for sensitive information, preventing hardcoded credential exposure. - [PROMPT_INJECTION]: The skill involves reading external data from Azure App Configuration, which constitutes an indirect prompt injection surface. Ingestion points:
get_configuration_settingandlist_configuration_settingsmethods used inSKILL.md. Boundary markers: None are explicitly defined in the provided code snippets to distinguish retrieved configuration from instructions. Capability inventory: The skill facilitates network operations for reading and writing Azure configuration; no local command execution or file-write capabilities are included in the skill content itself. Sanitization: No specific sanitization or validation of the retrieved configuration values is shown in the provided examples.
Audit Metadata