azure-communication-chat-java
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill handles untrusted external chat data and possesses capabilities with significant side effects.
- Ingestion points: threadClient.listMessages() and threadClient.getMessage() in SKILL.md.
- Boundary markers: Absent in provided examples; user-generated chat content is processed directly.
- Capability inventory: threadClient.sendMessage(), threadClient.addParticipants(), and chatClient.deleteChatThread() in SKILL.md allow an agent to modify state and interact externally.
- Sanitization: No evidence of sanitization or validation for message content before use.
- External Downloads (LOW): References the com.azure:azure-communication-chat Maven package.
- Evidence: XML dependency block in SKILL.md.
- Trust: The source (Azure) is a trusted provider, downgrading this finding per TRUST-SCOPE-RULE.
Recommendations
- AI detected serious security threats
Audit Metadata