azure-communication-callingserver-java
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- EXTERNAL_DOWNLOADS (INFO): References official Azure SDK packages from the Microsoft/Azure organization (com.azure:azure-communication-callingserver). These are considered trusted sources per the security policy.
- CREDENTIALS_UNSAFE (SAFE): Code snippets for client initialization use placeholders like "" or environment variable lookups (System.getenv). No hardcoded credentials or secrets were found.
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected.
- COMMAND_EXECUTION (SAFE): The skill consists entirely of documentation and static code snippets; it contains no logic for spawning subprocesses or executing shell commands.
- INDIRECT_PROMPT_INJECTION (INFO): The skill describes handling callback URIs and IDs, which are external data points. This is an inherent part of the SDK's purpose and is presented as documentation (display-only), representing a negligible risk tier.
Audit Metadata