agent-framework-azure-ai-py

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [Credential Management]: The skill correctly demonstrates using DefaultAzureCredential and AzureCliCredential from the azure-identity package. This is a secure practice that avoids hardcoding secrets and leverages environment-based authentication.
  • [Hosted Capabilities]: The inclusion of HostedCodeInterpreterTool and HostedWebSearchTool allows the agent to perform complex tasks. These tools execute within the service provider's secure, sandboxed environment rather than on the local user machine.
  • [Tool Approval Settings]: The documentation for MCP tools includes configurations for approval_mode. While 'never_require' increases agent autonomy, users should evaluate this setting based on the sensitivity of the tools being accessed.
  • [Indirect Prompt Injection Surface]: This skill facilitates the processing of external data through agent interactions, which is a common pattern in agentic workflows.
    • Ingestion points: Untrusted data enters the agent context via the agent.run() and agent.run_stream() methods in SKILL.md.
    • Boundary markers: The provided examples do not explicitly show the use of delimiters or 'ignore instructions' warnings for user input within the prompts.
    • Capability inventory: The agent has access to powerful tools, including hosted code interpretation, web search, and MCP tools.
    • Sanitization: The skill demonstrates output validation using Pydantic models but does not specify input sanitization for incoming user queries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 03:13 PM