azure-deployment-preflight
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes official Azure and Bicep CLI commands to validate infrastructure templates. These commands (e.g., 'az deployment group what-if', 'azd provision --preview') are standard for Azure DevOps workflows and are invoked as intended by the tool's description.
- [DATA_EXPOSURE] (SAFE): Analysis of the skill shows it only accesses project-related files like '.bicep', '.bicepparam', and 'azure.yaml' to perform its validation tasks. No attempts to access sensitive system files or exfiltrate data to untrusted domains were found.
- [PROMPT_INJECTION] (SAFE): The instructions are strictly focused on the validation workflow. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from local Bicep and parameter files. While this presents an ingestion surface, the data is passed to trusted external binaries (Azure CLI) for processing rather than being interpreted as instructions by the AI agent itself. No evidence of malicious interpolation was found.
Audit Metadata