azure-bot

The Azure Bot skill aligns with its stated purpose of creating and deploying bot resources via the Azure CLI, including identity setup and channel configuration. However, there are notable security considerations around secret handling (APP_PASSWORD, APP_ID, TENANT_ID, CLIENT_ID), and the workflow depends on an active Azure session with appropriate permissions. The footprint is coherent with its purpose but warrants strict secret-management practices (redacted logs, secure storage of credentials) and explicit guidance on minimizing privilege scope. Overall, the risk is MEDIUM (suspicious in terms of secret handling but not inherently malicious); treat as SUSPICIOUS-to-MEDIUM until secret-management safeguards are confirmed.