azure-functions-agents
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a framework for building Azure Functions agents using the
azurefunctions-agents-runtimepackage. No security issues were detected. - [EXTERNAL_DOWNLOADS]: The skill references the
azurefunctions-agents-runtimepackage from PyPI and its source code in the official Azure GitHub organization. These are official sources for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill provides instructions for the user to run standard developer tools such as
azd(Azure Developer CLI),func(Azure Functions Core Tools), andpipto manage their project environment. - [REMOTE_CODE_EXECUTION]: The skill documents how to enable a Python code execution sandbox (
execute_python) using Azure Container Apps Dynamic Sessions. This provides a managed and secure environment for agents to perform computations. - [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection where external event data is ingested into the agent's context.
- Ingestion points: Event data from Azure Function triggers (HTTP, Queue, Blob, etc.) is passed to agents as JSON payloads in the prompt.
- Boundary markers: Trigger data is wrapped in JSON code blocks to distinguish it from instructions.
- Capability inventory: Agents can utilize the
execute_pythontool and various Azure API connectors like Office 365 or Teams. - Sanitization: No explicit sanitization or filtering of incoming event data is described in the instruction files.
Audit Metadata