api-security-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its interaction with external Azure environments. It utilizes tools like
azure_resources-query_azure_resource_graphandmcp_azure_mcp_get_azure_bestpracticesto retrieve live configuration data. If an attacker controls resource names, tags, or descriptions in the environment being audited, they could embed malicious instructions that the agent might inadvertently follow. \n - Ingestion points: Data returned from the
azure_resources-query_azure_resource_graphandmcp_azure_mcp_get_azure_bestpracticesMCP tools, as well as the referencedreferences/SECURITY_CONTROLS.mdfile (not provided). \n - Boundary markers: Absent; there are no instructions or delimiters defined to isolate external resource data from the agent's primary instruction set. \n
- Capability inventory: The skill provides and suggests administrative CLI commands (e.g.,
az apim update) based on the data it analyzes, creating a path for automated or semi-automated configuration changes. \n - Sanitization: No explicit sanitization or validation of the retrieved external content is described in the skill's instructions.
Audit Metadata