azure-cosmos-ts
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and implementation guide for the official Microsoft Azure Cosmos DB client library (@azure/cosmos). It describes standard usage for database operations.
- [SAFE]: Security best practices are promoted throughout the guide, specifically recommending DefaultAzureCredential for AAD-based authentication over the use of static account keys.
- [SAFE]: The skill explicitly recommends and provides examples for parameterized queries using SqlQuerySpec to prevent SQL injection vulnerabilities when querying database documents.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or private tokens are present. The examples correctly use environment variable placeholders for endpoints and keys.
- [SAFE]: The skill identifies an indirect prompt injection surface as it processes data retrieved from an external database (Azure Cosmos DB). The potential risk is mitigated through instructions that emphasize parameterized queries and structured data handling (evidence: SKILL.md; ingestion: database query results; boundaries: absent; capabilities: network-based database operations; sanitization: parameterized queries).