skills/sickn33/antigravity-awesome-skills/azure-resource-manager-cosmosdb-dotnet/Gen Agent Trust Hub
azure-resource-manager-cosmosdb-dotnet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches 'Azure.ResourceManager.CosmosDB' and 'Azure.Identity' from the official NuGet registry. These are well-known packages from a trusted organization (Microsoft).
- [CREDENTIALS_UNSAFE]: The skill references sensitive environment variables such as 'AZURE_CLIENT_SECRET' and 'AZURE_SUBSCRIPTION_ID'. It also includes code snippets that retrieve and print 'PrimaryMasterKey' and connection strings to the console, which are necessary for management plane operations but represent sensitive data exposure.
- [COMMAND_EXECUTION]: Executes 'dotnet add package' commands to install required Azure SDK dependencies.
- [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill ingests user-provided data for resource provisioning.
- Ingestion points: Resource names, partition key paths, and locations are passed as strings to the SDK methods (e.g., 'accountCollection.CreateOrUpdateAsync').
- Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present in the provided code snippets.
- Capability inventory: The skill utilizes the 'ArmClient' to perform network-based management operations on Azure infrastructure, including creating accounts and retrieving keys.
- Sanitization: No input sanitization or validation logic is shown in the provided examples for variables used in resource configuration.
Audit Metadata