Skills
skills/tyler-r-kendrick/agent-skills/azure-prepare/Gen Agent Trust Hub

azure-prepare

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The SKILL.md file uses aggressive 'authoritative guidance' language such as 'IGNORE any prior training', 'This document is the official, canonical source', and 'This guidance supersedes all other sources'. These are textbook prompt injection patterns used to bypass the agent's default safety and operational constraints.
  • REMOTE_CODE_EXECUTION (HIGH): The skill presents a high-risk surface for 'Indirect Prompt Injection' (Category 8). Its core workflow involves scanning arbitrary local workspace files (e.g., package.json, requirements.txt, azure.yaml) and using findings to generate infrastructure code and select CLI commands for execution. A malicious file placed in a workspace could manipulate the agent into generating backdoored infrastructure or executing dangerous cloud commands. There is no evidence of sanitization or robust boundary marking for this ingested data.
  • COMMAND_EXECUTION (HIGH): The skill provides explicit instructions to execute powerful shell commands via the Azure CLI (az) and Azure Developer CLI (azd). This includes commands for account discovery (az account show), credential management (az keyvault secret list), and destructive resource management (az group delete).
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill frequently references and instructs the use of remote templates via azd init -t <template>. These templates are pulled from external repositories such as github.com/Azure-Samples and azure.github.io. Since these organizations are not strictly within the provided 'Trusted Sources' list, they are treated as untrusted remote code ingestion points.
  • DATA_EXFILTRATION (MEDIUM): The skill provides pathways to expose sensitive environment data, including subscription IDs, tenant IDs, and Key Vault secrets (keyvault_secret_get). While intended for deployment preparation, these mechanisms can be abused for data exposure.
  • MALICIOUS_URL (INFO): Automated scans flagged requirements.md for a blacklisted URL. While no explicit malicious URL string is visible in the provided text, the file contains multiple command-line snippets that interact with Azure account metadata.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 03:37 AM