update-avm-modules-in-bicep
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches module metadata from mcr.microsoft.com and documentation from github.com/Azure/bicep-registry-modules. Both are official, trusted sources associated with Microsoft Azure.- [COMMAND_EXECUTION]: The skill executes bicep lint and bicep build commands via the #runCommands tool. These are standard operations for validating infrastructure-as-code and align with the skill's stated purpose.- [PROMPT_INJECTION]: The skill processes external data from local Bicep files and remote documentation. Ingestion points: local file content and official Azure URLs. Boundary markers: Absent. Capability inventory: #editFiles and #runCommands (bicep lint/build). Sanitization: Absent. The risk of indirect prompt injection is mitigated by the narrow scope of capabilities and a mandatory manual approval policy for breaking changes.
Audit Metadata