azure-compliance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted metadata from the Azure environment which could contain malicious instructions.
  - Ingestion points: Resource names, tags, and property values retrieved via 'mcp_azure_mcp_extension_azqr' and Key Vault tools used in 'references/azure-quick-review.md' and 'references/azure-keyvault-expiration-audit.md'.
  - Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands in resource data.
  - Capability inventory: High-privilege access to Key Vault secrets/keys and various cloud configuration commands.
  - Sanitization: Absent; metadata is processed without validation or escaping.
- [Command Execution] (LOW): The skill generates and suggests CLI and PowerShell commands for resource remediation using templates in 'references/azqr-remediation-patterns.md'. These could be susceptible to command injection if resource names are maliciously crafted to include shell metacharacters.
- [Credentials Unsafe] (LOW): Auditing Key Vault expiration using 'keyvault_secret_get' unnecessarily exposes full secret values to the agent's context. While this access is associated with the primary purpose of security auditing, it exceeds the minimum privilege required for expiration monitoring.
Audit Metadata