audit-tenant-settings
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Both 'scripts/audit-tenant-settings.py' and 'scripts/generate_audit_pdf.py' execute external CLI tools ('fab' and 'az') using 'subprocess.run'. This is the primary mechanism for retrieving tenant configuration and security group data from the Microsoft environment.
- [REMOTE_CODE_EXECUTION]: The script 'scripts/generate_audit_pdf.py' uses 'importlib.util' to dynamically load and execute the sibling script 'scripts/audit-tenant-settings.py' at runtime. This allows for logic sharing between the two components despite the hyphenated filename of the target script.
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts utilize the 'uv' package manager to run scripts and upgrade the 'ms-fabric-cli' tool. These operations involve downloading packages from official registries like PyPI.
- [DATA_EXFILTRATION]: The skill interacts with the local filesystem to store snapshots in '~/.cache/' and write reports to '/tmp/'. These locations are used for caching audit data and providing shareable output files to the user.
- [PROMPT_INJECTION]: The skill ingests data from external administrative APIs, creating a potential surface for indirect prompt injection if tenant setting values contain malicious instructions.
- Ingestion points: 'scripts/audit-tenant-settings.py' (via 'fab api' data collection)
- Boundary markers: Absent from the script logic.
- Capability inventory: Includes shell command execution ('subprocess.run') and file writing capabilities.
- Sanitization: Data is parsed as JSON/YAML, but no semantic content filtering or instruction escaping is applied before report generation.
Audit Metadata