appinsights-instrumentation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect prompt injection surface identified through source code analysis.
- Ingestion points: The skill instructs the agent to read workspace source code to guess the language, framework, and hosting environment (SKILL.md).
- Boundary markers: No delimiters or instructions to ignore embedded commands within the analyzed code are provided.
- Capability inventory: The skill possesses significant capabilities, including executing Azure CLI (
az) commands to create resources and modify cloud configurations, as well as modifying local code files (scripts/appinsights.ps1, references/*.md). - Sanitization: There is no mechanism to sanitize or validate the content of the source code before it influences the agent's decision-making process.
- [COMMAND_EXECUTION] (LOW): The skill executes multiple Azure CLI commands for infrastructure management.
- Evidence: scripts/appinsights.ps1 uses
az monitor,az webapp, andaz containerappcommands to create resources and set sensitive environment variables. - [EXTERNAL_DOWNLOADS] (LOW): The skill triggers the download and installation of official libraries from trusted registries.
- Evidence: references/aspnetcore.md, references/nodejs.md, and references/python.md specify the installation of
Azure.Monitor.OpenTelemetry.AspNetCore,@azure/monitor-opentelemetry, andazure-monitor-opentelemetryrespectively.
Recommendations
- AI detected serious security threats
Audit Metadata