azure-web-pubsub
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation content from official Microsoft domains (learn.microsoft.com) using designated tools like
mcp_microsoftdocs:microsoft_docs_fetchorfetch_webpage. These are trusted sources used for their intended purpose. - [REMOTE_CODE_EXECUTION]: The skill mentions an external tool (mcp_microsoftdocs) and provides a link to its installation guide on the author's official GitHub repository (MicrosoftDocs/mcp). This is a standard reference for expanding agent capabilities via official vendor tools.
- [PROMPT_INJECTION]: Instructions provided to the agent regarding line ranges and tool usage are standard operational guidance and do not attempt to bypass safety filters or override core behaviors.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes a data ingestion surface by fetching external documentation. While this creates a theoretical surface for indirect injection if the source were compromised, the use of official Microsoft documentation as the data source makes this a standard functional pattern.
Audit Metadata