Skills
skills/microsoftdocs/agent-skills/azure-key-vault/Gen Agent Trust Hub

azure-key-vault

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation from official Microsoft domains (learn.microsoft.com) using mcp_microsoftdocs:microsoft_docs_fetch and fetch_webpage. These are well-known, trusted sources for documentation content.
  • [EXTERNAL_DOWNLOADS]: References the official Microsoft GitHub repository (github.com/MicrosoftDocs/mcp) for tool installation instructions, which is a trusted source.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted markdown data from external URLs at runtime. However, the risk is minimal as the sources are official documentation portals and the skill's purpose is purely informational.
  • Ingestion points: Documentation content fetched from numerous learn.microsoft.com URLs listed in the Category Index.
  • Boundary markers: Absent. The skill does not define specific delimiters for the fetched content.
  • Capability inventory: No local scripts, subprocess calls, or file-write operations are present in the skill.
  • Sanitization: Absent. The agent is instructed to handle the fetched markdown directly.
  • [SAFE]: No obfuscation, hardcoded credentials, or persistence mechanisms were detected. The skill's instructions for the agent are clear and aligned with its stated purpose of providing expert guidance on Azure Key Vault.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 05:28 PM