NYC

azure-resource-visualizer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill instructions explicitly direct the agent to capture and analyze sensitive configuration data.
      • Evidence: Under 'Step 2: Resource Discovery & Analysis', the skill instructs the agent to map 'App Settings pointing to Key Vaults, connection strings'. This leads to the direct exposure of secrets and credentials within the agent's context and subsequently in the generated markdown documentation.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its combination of untrusted data ingestion and powerful execution capabilities.
      • Ingestion points: The skill reads resource names, types, configurations, and network settings from Azure via az commands and MCP tools.
      • Boundary markers: There are no boundary markers or 'ignore embedded instructions' warnings provided in the prompt logic when handling resource data.
      • Capability inventory: The skill has the ability to execute arbitrary shell commands via the terminal (az CLI) and write files to the local workspace.
      • Sanitization: No sanitization or validation of the retrieved Azure metadata is performed before it is used in logic or written to files. An attacker with the ability to name or tag a resource in the Azure environment could inject malicious instructions that the agent might execute.
  • COMMAND_EXECUTION (MEDIUM): The skill relies heavily on executing shell commands (az CLI) to perform its function. While this is the intended use case, the lack of input validation when interpolating resource names into these commands creates a risk of command injection if an Azure resource name contains shell metacharacters.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:28 AM