azure-app-service

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Azure CLI (az) to perform high-impact administrative actions, including starting, stopping, and restarting web applications, as well as swapping deployment slots, which can affect production traffic.
  • [CREDENTIALS_UNSAFE]: The command 'az webapp config appsettings list' is included, which retrieves application configuration values. These settings commonly contain sensitive plaintext credentials such as database connection strings, API keys, and authentication tokens that are read into the agent's context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the Azure environment.
      * Ingestion points: The agent reads and processes output from 'az webapp list', 'az webapp show', 'az webapp log tail', and 'az webapp config appsettings list' within SKILL.md.
      * Boundary markers: No delimiters or protective instructions are used to separate external command output from the agent's core instructions.
      * Capability inventory: The agent has the ability to execute shell commands via 'az' and 'jq'.
      * Sanitization: No validation or filtering is applied to the data retrieved from Azure before it is analyzed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:13 AM