azure-eventhub-py
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs official Microsoft Azure SDK packages (
azure-eventhub,azure-identity,azure-eventhub-checkpointstoreblob-aio) from public registries to enable cloud service interactions. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from an external source (Azure Event Hubs).
- Ingestion points: The
on_eventfunction inSKILL.mdprocesses untrusted event data via theevent.body_as_str()method. - Boundary markers: The provided examples do not use delimiters or explicit instructions to prevent the agent from interpreting instructions contained within the event body.
- Capability inventory: The skill includes capabilities for both network ingestion (
EventHubConsumerClient) and data transmission (EventHubProducerClient) as documented inSKILL.md. - Sanitization: No validation or sanitization logic is implemented in the provided code snippets to filter potentially malicious content from the event stream.
Audit Metadata