azd-deployment

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW

NO_CODE
Full Analysis

The skill consists of markdown files detailing the use of Azure Developer CLI (azd) for deploying containerized applications. It includes examples of azure.yaml configurations, Bicep templates, and bash commands for azd and az CLI.

  1. Prompt Injection: No patterns indicative of prompt injection were found. The skill's language is instructional and does not attempt to manipulate the AI's behavior or bypass safety guidelines.
  2. Data Exfiltration: No sensitive file paths (e.g., ~/.ssh/id_rsa, ~/.aws/credentials) are accessed. All az and azd commands demonstrated are for legitimate interactions with Azure resources or azd's own local configuration files. There are no network operations targeting non-whitelisted or suspicious external domains for data exfiltration. The use of az role assignment create is for legitimate Azure Role-Based Access Control (RBAC) within the Azure environment, not for local privilege escalation or exfiltration.
  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.
  4. Unverifiable Dependencies: The skill relies on the Azure Developer CLI (azd) and Azure CLI (az), which are assumed to be pre-installed and trusted tools. No instructions for installing unverified external packages or cloning from untrusted GitHub repositories were found.
  5. Privilege Escalation: No commands like sudo, chmod 777, or attempts to modify system-level files were found. While az role assignment create manages privileges within Azure, this is a core function of an Azure deployment tool and does not constitute local system privilege escalation.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs, or installing services) were detected.
  7. Metadata Poisoning: The name and description fields, as well as comments and other metadata, are benign and accurately reflect the skill's purpose.
  8. Indirect Prompt Injection: The skill provides examples for azure.yaml files, which can contain hooks that execute arbitrary shell commands. While this feature of azd could theoretically be misused by a user to inject malicious commands into their own configuration, the skill itself only provides benign examples for legitimate Azure resource management (e.g., RBAC assignment, saving custom domains). The skill does not process arbitrary untrusted input in a way that would lead to indirect prompt injection.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counters, or specific environment triggers for malicious behavior was found.

Overall, the skill is well-documented, follows good security practices (e.g., warning against hardcoded secrets, using managed identities), and presents no security risks.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 10:24 AM