azure-validate

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill contains strong directive language intended to override agent behavior. Phrases such as 'AUTHORITATIVE GUIDANCE', 'Follow these instructions exactly', and 'This supersedes prior training' in SKILL.md are classic markers of prompt injection designed to bypass standard operational constraints.
  • INDIRECT PROMPT INJECTION (HIGH): The skill has a significant attack surface for indirect injection (Category 8). It ingests untrusted data from local infrastructure files (azure.yaml, Bicep, Terraform files) and external MCP tools (azure_mcp_policy). These inputs are used to make deployment decisions. While it includes boundary markers like 'ask_user' for destructive actions, it lacks explicit sanitization or instructions to ignore embedded instructions within the processed code files.
  • COMMAND_EXECUTION (MEDIUM): The skill provides numerous pre-defined shell commands for debugging and validation (e.g., az account show, terraform plan, az bicep build). While these are standard tools, they are executed in a context where they process potentially attacker-controlled file content, increasing the risk of command injection if parameters are not handled safely by the underlying agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 03:36 AM