azure-security-keyvault-secrets-java
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official 'com.azure:azure-security-keyvault-secrets' dependency, which is maintained by Microsoft, a trusted organization.
- [SAFE]: All network communications are directed to '*.vault.azure.net', which is a well-known and legitimate service domain for Azure Key Vault.
- [SAFE]: Hardcoded strings in code examples (e.g., 'P@ssw0rd123!', 'sk_live_abc123xyz') are used for illustrative purposes within a documentation context and are treated as non-functional placeholders.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from an external source (Azure Key Vault), creating a potential surface for indirect prompt injection if the retrieved content is not sanitized by the consuming agent.
- Ingestion points: Secret values are retrieved from the remote vault via 'secretClient.getSecret()' in SKILL.md.
- Boundary markers: None present; secrets are processed as raw strings.
- Capability inventory: The skill includes capabilities to read, write, and delete secrets, as well as local file system access for backups ('Files.write').
- Sanitization: No explicit sanitization or validation of the secret content is performed before it is returned to the agent context.
Audit Metadata