azure-infra-validation

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The PowerShell scripts scripts/check-vpn-lab-status.ps1 and scripts/watch-az-resource-state.ps1 are wrapper scripts designed to execute external PowerShell scripts.
    • The scripts use path traversal (..\..\..\..\) to resolve a target file path outside the skill's own directory tree.
    • The resolved path is then executed using the PowerShell call operator (&).
    • Evidence in scripts/check-vpn-lab-status.ps1: $target = Join-Path $PSScriptRoot '..\..\..\..\scripts\check-vpn-lab-status.ps1'; $resolved = [System.IO.Path]::GetFullPath($target); & $resolved @Arguments.
  • [COMMAND_EXECUTION]: The skill exposes an indirect prompt injection surface: it ingests user-provided tenant and subscription IDs, which are then used to construct Azure CLI (az) commands.
    • Ingestion points: User inputs for tenant ID and subscription ID in SKILL.md.
    • Boundary markers: None explicitly defined to separate user-provided IDs from the command structure.
    • Capability inventory: The skill uses az account show, az account set, and various az provisioning commands as described in the workflow.
    • Sanitization: There is no explicit instruction to validate or sanitize the format of the tenant or subscription IDs before use in the shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 07:33 AM