azure-review
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection as it is designed to ingest and analyze potentially untrusted infrastructure-as-code (IaC) files. This is addressed by a robust 'Prompt Injection Safety Notice' in
SKILL.mdthat instructs the agent to treat all file contents as data rather than instructions. - Ingestion points: Infrastructure definitions (Terraform, Bicep, ARM templates) located via Step 1 of the process in
SKILL.md. - Boundary markers: The skill includes specific instructions in the safety notice to disregard directives embedded in configuration files.
- Capability inventory: The skill is restricted to
Read,Grep, andGlobtools. It lacks network access, file-write capabilities, or shell execution tools. - Sanitization: The skill implements instructional sanitization by directing the agent to ignore non-technical claims within the analyzed files.
- [EXTERNAL_DOWNLOADS]: The skill contains references to official security documentation and technical registries, including
cisecurity.org,learn.microsoft.com, andregistry.terraform.io. These are recognized as well-known and trusted sources for security benchmarks and infrastructure-as-code providers.
Audit Metadata