azure-servicebus-py
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is susceptible to indirect prompt injection due to its core functionality of receiving and processing external data from message brokers.
  - Ingestion points: The `receive_messages` function in `SKILL.md` allows the agent to ingest arbitrary message content from Azure Service Bus queues and topics.
  - Boundary markers: Absent. The examples process raw message strings without any delimiters or instructions to treat the data as untrusted.
  - Capability inventory: The skill implements `sender.send_messages()` (network operation to forward/respond) and `print()` (local display) capabilities.
  - Sanitization: Absent. No sanitization, validation, or filtering of received message content is demonstrated in the code examples.
- [Unverifiable Dependencies] (LOW): The skill installs external Python packages required for its operation.
  - Evidence: `pip install azure-servicebus azure-identity` in `SKILL.md`.
  - Trusted Source: These packages are official SDKs from the `azure` organization (Microsoft), which is a trusted source, resulting in a downgraded severity per [TRUST-SCOPE-RULE].