azure-storage-blob-ts
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official and well-known packages from the Microsoft and Azure organizations, specifically
@azure/storage-bloband@azure/identity. - [SAFE]: All network operations are directed towards legitimate Azure service endpoints (e.g.,
blob.core.windows.net), which are classified as well-known service domains. - [SAFE]: Authentication guidance prioritizes the use of
DefaultAzureCredential, which leverages environment-based managed identities and minimizes the risk of credential exposure compared to connection strings. - [SAFE]: The documentation includes an explicit security warning regarding the use of hardcoded credentials, categorizing it as a risk and providing a non-functional placeholder as an example of what to avoid.
- [SAFE]: Detailed instructions for Shared Access Signature (SAS) tokens are provided, emphasizing security principles such as least privilege, short-lived expiration, and HTTPS-only protocols.
- [SAFE]: Indirect prompt injection risks are minimal as the skill serves as a wrapper for standard storage operations; while it processes external blob data, it does not include instructions that would bypass safety filters or override agent behavior.
Audit Metadata