azure-storage-queue-py
Audited by Gen Agent Trust Hub on Feb 13, 2026
================================================================================
✅ VERDICT: SAFE
This skill is primarily documentation and code examples for interacting with Azure Queue Storage using the official Python SDKs. It promotes good security practices, such as using environment variables for account URLs and DefaultAzureCredential for authentication, which avoids hardcoding sensitive information. The external dependencies (azure-storage-queue, azure-identity) are official Azure SDKs, which are considered trusted sources.
Total Findings: 2
🔵 LOW Findings: • Unverifiable Dependencies
- Line 12 (SKILL.md): The skill instructs the user to
pip install azure-storage-queue azure-identity. These are official Azure SDK packages from the trustedAzureGitHub organization (as confirmed byreferences/acceptance-criteria.md). This is noted as a low-risk external dependency for user setup.
ℹ️ TRUSTED SOURCE References: • https://github.com/Azure/azure-sdk-for-python
- Line 3 (references/acceptance-criteria.md): The
references/acceptance-criteria.mdexplicitly links to the official Azure SDK for Python GitHub repository, confirming the trusted nature of the dependencies.
ℹ️ INFO Findings: • Indirect Prompt Injection Risk
- Line 100 (SKILL.md): The skill demonstrates receiving and processing messages from an Azure Queue. Any skill that processes external, user-controlled data (like queue messages) carries an inherent risk of indirect prompt injection if the messages themselves contain malicious instructions that an LLM might interpret. This is a general risk associated with the functionality, not a direct vulnerability in the skill's code.
================================================================================