azure-communication-callautomation-java
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [Authentication Practices]: The skill correctly demonstrates the use of
DefaultAzureCredentialBuilder, which is the recommended approach for managing cloud identities without exposing secrets in code. It also includes warnings against hardcoding connection strings in its acceptance criteria. - [Network and Callback Security]: The skill utilizes callback URLs and media source URLs. All examples use placeholder domains (e.g.,
your-app.com) or official Azure infrastructure (azure.com), representing standard integration patterns for communication services. - [Data Ingestion Surface]: The skill implements webhook handlers that process incoming call events and speech/DTMF recognition results.
- Ingestion points: Webhook request bodies in the
handleCallbackandhandleCallEventsmethods (SKILL.md, references/examples.md). - Boundary markers: None explicitly shown for the raw string data before parsing with
CallAutomationEventParser. - Capability inventory: The skill uses capabilities like making calls (
createCall), playing audio (play), and downloading recordings (downloadTo). - Sanitization: The skill uses the official
CallAutomationEventParserto validate and convert raw JSON payloads into structured event objects, which is a standard safety measure for this service. - [Remote Package Management]: The skill references the official
com.azure:azure-communication-callautomationpackage from the Microsoft Maven registry, which is an expected and verified dependency.
Audit Metadata