azure-communication-common-java
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill references the official 'com.azure:azure-communication-common' dependency via Maven. This is a trusted library provided by Microsoft and is safe for use.
- [CREDENTIALS_UNSAFE] (SAFE): The skill demonstrates secure practices by using environment variables (AZURE_COMMUNICATION_USER_TOKEN) and descriptive placeholders instead of hardcoding sensitive tokens.
- [PROMPT_INJECTION] (SAFE): No prompt injection or indirect injection vulnerabilities were detected. Data ingestion is limited to identifier parsing using static string matching.
- [COMMAND_EXECUTION] (SAFE): There are no attempts to execute arbitrary shell commands or spawn subprocesses.
- [SECURITY_ALERT_VERIFICATION] (INFO): The malicious URL flagged by the automated scanner ('com.azure.communication.com') was not found within the skill files; the skill correctly uses legitimate 'communication.azure.com' endpoints.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata