azure-messaging-webpubsubservice-py
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill documentation instructs the installation of official Microsoft Azure SDK packages from a trusted repository for real-time messaging capabilities.
  - Evidence: Installation commands for `azure-messaging-webpubsubservice` and `azure-messaging-webpubsubclient` provided in SKILL.md.
  - Trust Scope: Downgraded to LOW as the organization 'Azure' is a verified trusted source in the provided framework.
- Indirect Prompt Injection (MEDIUM): The skill creates an attack surface by allowing the agent to ingest data from external WebSocket connections and providing the capability to send messages to various targets.
  - Ingestion points: WebSocket event handlers such as `client.on("server-message")` and `client.on("group-message")` in SKILL.md ingest untrusted external data.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the message payloads demonstrated in the provided code.
  - Capability inventory: The skill exposes functions to broadcast or target messages (`send_to_all`, `send_to_user`, `send_to_group`) and manage user groups, which could be leveraged if the agent is manipulated by untrusted input.
  - Sanitization: The example code does not include any sanitization or validation of the message content before processing or re-transmitting.
Audit Metadata