azure-storage
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill allows the agent to download and process external blob content while also providing write/upload capabilities. This configuration is susceptible to indirect prompt injection where malicious instructions inside a blob could trigger unauthorized storage operations.
- Ingestion points: storage_blob_get (SKILL.md) and az storage blob download (SKILL.md).
- Boundary markers: None.
- Capability inventory: storage_blob_put (SKILL.md), az storage blob upload (SKILL.md), and SDK write methods (references/sdk-usage.md).
- Sanitization: None.
- [Command Execution] (LOW): The skill facilitates the execution of Azure CLI commands (az storage). While these are standard tools, they grant the agent significant control over cloud resources.
- [External Downloads] (LOW): References several official Azure SDK packages for Python, Node.js, and other languages. These are from a trusted source (Microsoft/Azure), downgrading the risk per [TRUST-SCOPE-RULE].
- [Authentication] (SAFE): Code examples use DefaultAzureCredential, avoiding the risk of hardcoded secrets.
Recommendations
- AI detected serious security threats
Audit Metadata