azure-image-builder
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill specifies a requirement for the Azure plugin from github.com/hashicorp/azure. As HashiCorp is a trusted organization, this dependency is considered low risk per [TRUST-SCOPE-RULE].
- [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands like packer build and az ad sp, and includes provisioners that run sudo within the target virtual machine. These are necessary operations for system image preparation and cloud resource management.
- [CREDENTIALS_UNSAFE] (INFO): The templates manage sensitive Azure Service Principal credentials (Client ID, Secret, Tenant ID). The skill correctly recommends using environment variables and sensitive variable types rather than hardcoding actual secrets.
Audit Metadata