azure-kusto
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill defines a fallback strategy utilizing the Azure CLI (
az restandaz kusto). The construction of shell commands involving<kql-query>and<database>parameters is highly susceptible to command injection if the input contains shell metacharacters or nested quotes, particularly when the agent retrieves this input from previous tool outputs. - PROMPT_INJECTION (HIGH): Category 8: Indirect Prompt Injection. The skill is designed to ingest and analyze untrusted external data (logs, telemetry, and IoT data) via
kusto_query(SKILL.md). - Ingestion points: Data enters the context through
kusto_queryandkusto_table_schema_get. - Boundary markers: None. There are no instructions to the agent to treat retrieved log data as data rather than instructions.
- Capability inventory: The skill has high-privilege capabilities including KQL execution and Shell command execution through the Azure CLI fallback.
- Sanitization: Absent. There is no evidence of escaping or validating the content of retrieved logs before they are used in subsequent reasoning or command construction.
- EXTERNAL_DOWNLOADS (LOW): The skill makes network requests to Azure endpoints (e.g.,
kusto.windows.net) via REST API calls and CLI commands. While targeting a reputable provider, these represent an external data flow that could be used for data exfiltration if the target URL is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata