azure-eventgrid-java
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill provides patterns for parsing untrusted data from external sources (JSON payloads from webhooks) which can then influence agent behavior or be used in network operations.
  1. Ingestion points: EventGridEvent.fromString(jsonPayload) and CloudEvent.fromString(cloudEventJson) in SKILL.md.
  2. Boundary markers: Absent. No delimiters or instructions to ignore embedded commands are provided for the parsed content.
  3. Capability inventory: EventGridPublisherClient.sendEvent() and EventGridReceiverClient.acknowledge() involve network operations and state modification across Azure services.
  4. Sanitization: Absent. Code snippets demonstrate direct deserialization to objects without validation or sanitization of the input string.
- [Unverifiable Dependencies & Remote Code Execution] (INFO): The skill references the Maven dependency com.azure:azure-messaging-eventgrid:4.27.0.
  - Source: Trusted (Microsoft/Azure).
  - Severity: Downgraded to INFO per [TRUST-SCOPE-RULE].
Audit Metadata