azure-servicebus-ts

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Category 4: Unverifiable Dependencies & Remote Code Execution (LOW): The skill installs @azure/service-bus and @azure/identity. These packages belong to the 'azure' organization, which is a trusted source. According to the [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
  • Category 8: Indirect Prompt Injection (LOW): The skill handles untrusted data from Azure Service Bus messages.
    • Ingestion points: Untrusted data enters the agent context via receiver.receiveMessages and receiver.subscribe in SKILL.md and references/queues-topics.md.
    • Boundary markers: Absent; the code examples do not demonstrate the use of delimiters or 'ignore' instructions when processing message bodies.
    • Capability inventory: The skill allows for full message lifecycle management (sending, receiving, settling, and dead-lettering).
    • Sanitization: Absent; the message content is logged and processed directly in the examples without sanitization, providing a surface where an agent might be influenced by instructions embedded in a message.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:34 AM