azure-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Trusted External Installation Script: The documentation includes a reference to install the Azure Developer CLI via a shell script hosted on an official Microsoft domain (aka.ms). Although the use of remote scripts for installation is a common security consideration, this source is a well-known service provided by the vendor, which mitigates the risk associated with external downloads.
- Secure Credential Handling: The skill strictly adheres to security best practices by instructing users to utilize environment variables, GitHub Secrets, or Azure Key Vault rather than hardcoding sensitive credentials. It emphasizes the use of Managed Identities for production environments to minimize secret exposure.
- Safety Controls for Destructive Actions: The skill implements a global rule requiring the agent to use explicit user confirmation tools before executing potentially harmful commands, such as deleting resource groups or purging data. This ensures human-in-the-loop oversight for high-risk operations.
- Deployment Workflow Integrity: A mandatory validation step is enforced, requiring that the 'azure-validate' skill be completed successfully before deployment can proceed. This prevents the execution of deployment commands on unverified or potentially misconfigured project plans.
Audit Metadata