agent-governance-toolkit
Fail
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install software packages across multiple ecosystems, including '@microsoft/agent-governance-sdk' via npm and 'agent-governance-toolkit' via pip. These are not official Microsoft packages and are presented in a deceptive manner, creating a high risk of a supply chain attack.
- [COMMAND_EXECUTION]: The skill provides instructions to run a CLI tool ('agt') following the installation of the unverified packages. Executing tools from unverified or impersonated sources can lead to full system compromise.
- [PROMPT_INJECTION]: A potential prompt injection pattern ('Ignore previous instructions') was flagged in the SKILL.md file. Technical analysis determines this is a false positive, as the phrase is used as a data sample within a code example for testing security evaluators and does not target the agent's actual system prompt.
- [DATA_EXFILTRATION]: The skill provides patterns for configuring remote audit backends (e.g., 'azure-blob') using sensitive environment variables like 'AZURE_STORAGE_CONNECTION_STRING'. Given the impersonated nature of the packages, this creates a high risk for the exfiltration of infrastructure credentials.
Recommendations
- AI detected serious security threats
Audit Metadata