azure-communication-sms-java
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Secure Authentication Patterns]: The skill demonstrates safe practices by recommending DefaultAzureCredentialBuilder and environment variables for managing sensitive connection strings and access keys, rather than hardcoding them into the logic.
- [Trusted Infrastructure Communication]: All network operations are directed toward official Azure endpoints (*.communication.azure.com), which are managed by a trusted service provider.
- [Indirect Prompt Injection Surface]: The skill processes message content provided at runtime, which serves as an entry point for external data. \n
- Ingestion points: SMS message content is ingested through the message parameter in the send and sendWithResponse methods across SKILL.md and references/examples.md.\n
- Boundary markers: The provided code examples do not include explicit delimiters or warnings to ignore instructions embedded within the message strings.\n
- Capability inventory: The skill is designed to perform network operations to send SMS data via Azure APIs.\n
- Sanitization: There is no explicit sanitization of the message content in the examples. Users should consider validating or sanitizing input when the message content originates from untrusted sources to prevent potential influence on downstream automated systems.
Audit Metadata