azure-messaging-webpubsub-java
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill files (SKILL.md, references/acceptance-criteria.md, references/examples.md) were thoroughly analyzed for security threats. No prompt injection patterns, obfuscation techniques, privilege escalation attempts, persistence mechanisms, or time-delayed attacks were detected.
1. Data Exfiltration: The skill demonstrates how to use Azure Web PubSub with connection strings and access keys. It explicitly recommends and shows examples of retrieving these sensitive credentials from environment variables (System.getenv), which is a secure practice. There are no commands or code snippets that attempt to exfiltrate any data or sensitive files to external servers.
2. Unverifiable Dependencies: The skill instructs users to install the com.azure:azure-messaging-webpubsub Maven dependency. This dependency belongs to the com.azure group ID, which is associated with Microsoft Azure, a trusted organization. The references/acceptance-criteria.md file also links to the official Azure SDK for Java GitHub repository (https://github.com/Azure/azure-sdk-for-java), further confirming its trusted nature. While this is an external dependency, its source is trusted, leading to a low-severity informational finding. The ChatService example also uses com.fasterxml.jackson.databind.ObjectMapper, which is a widely used and trusted Java library for JSON processing.
3. Metadata Poisoning: No malicious instructions or hidden content were found in the skill's metadata fields (name, description, package) or in the titles/contents of the reference files.
4. Indirect Prompt Injection: As a real-time messaging skill, it inherently processes user-supplied messages. If these messages were subsequently fed into an LLM without proper sanitization, they could pose an indirect prompt injection risk. However, this is a general risk associated with the nature of the skill's function and not a direct vulnerability introduced by the skill's instructions themselves. This is noted as an informational risk.
Conclusion: The skill is well-documented, promotes secure practices for credential handling, and relies on trusted external components. No direct security vulnerabilities or malicious patterns were identified in the skill's instructions or code examples.