azure-role-selector
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill accepts natural language input to define access controls, creating an attack surface where malicious input can influence infrastructure-as-code generation.
  * Ingestion points: User requests defining 'desired permissions' (SKILL.md).
  * Boundary markers: Absent; the skill does not instruct the agent to ignore or delimit instructions within the input.
  * Capability inventory: Uses 'azure__extension_cli_generate' and 'azure__bicepschema' to produce executable CLI and Bicep code.
  * Sanitization: None detected.
- Command Execution (HIGH): The skill's primary output is executable code for identity and access management, which can result in privilege escalation if manipulated.
Recommendations
- AI detected serious security threats