azure-deploy

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (LOW): Detected a 'pipe to bash' pattern used to install the Azure Developer CLI.
    • Evidence: 'curl -fsSL https://aka.ms/install-azd.sh | bash' in references/sdk/azd-deployment.md.
    • Mitigation: The source domain 'aka.ms' belongs to Microsoft, which is a trusted organization. Per [TRUST-SCOPE-RULE], the severity is downgraded to LOW.
  • COMMAND_EXECUTION (SAFE): The skill is designed to execute infrastructure deployment and management commands.
    • Evidence: Use of 'azd up', 'az deployment group create', and 'terraform apply' across multiple recipe files.
    • Mitigation: These operations are the intended primary purpose of the skill. The skill explicitly requires user confirmation via 'ask_user' for all destructive or cost-impacting actions as defined in references/global-rules.md.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests local configuration data to drive deployment logic, creating a potential surface for indirect instruction manipulation.
    • Ingestion points: Reads '.azure/plan.md' in SKILL.md.
    • Boundary markers: Absent; the agent is instructed to read the file and verify status.
    • Capability inventory: High-privilege shell command execution (azd, az, terraform) and resource deletion.
    • Sanitization: Absent; the skill relies on the 'azure-validate' step (status = 'Validated') as a trust anchor.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:34 AM