azure-role-selector

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user requirements directly into prompts for generating CLI commands and Bicep templates.
      • Ingestion points: User-provided permission descriptions and identity information (SKILL.md).
      • Boundary markers: Absent. The skill instructions do not define delimiters to separate user data from system instructions.
      • Capability inventory: Uses Azure MCP/extension_cli_generate and Azure MCP/bicepschema tools to generate shell commands and infrastructure-as-code snippets.
      • Sanitization: Absent. No input validation or escaping is applied to the user requirements before processing.
  • [NO_CODE]: The skill does not contain executable code files, which reduces the overall risk of direct malware execution, backdoors, or persistence mechanisms.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:20 AM