azure-cloud-migrate
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection: The skill ingests and analyzes external source code and configuration files (e.g., AWS Lambda, SAM templates). Processing this untrusted data is a potential surface for indirect prompt injection, which the skill addresses by enforcing a sequential, multi-phase assessment process before any code generation occurs.
- External Downloads and Dependencies: It utilizes official Microsoft developer tools, Azure CLI components, and verified SDKs such as
@azure/identityand@azure/functions. These dependencies are necessary for the cloud environment and originate from trusted vendor sources. - Data Exposure and Credential Safety: The skill explicitly implements 'Identity-First Authentication,' directing developers to use User Assigned Managed Identities (UAMI) and Azure RBAC instead of hardcoded connection strings or API keys, which significantly reduces the risk of credential theft.
- Privilege Management: A 'Destructive Action Policy' is included, requiring explicit user confirmation before the agent performs sensitive operations like overwriting code, deleting files, or deploying to production, ensuring human oversight for critical environment changes.
Audit Metadata