azure-rbac
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- Official Tool Integration: The skill leverages specific tools such as
azure__documentationandazure__extension_cli_generateto fetch role definitions and create configuration code. These tools are consistent with the skill's purpose for managing Azure resources. - Principle of Least Privilege: The instructions explicitly direct the agent to find the 'minimal role definition' that matches user requirements, which is a foundational security best practice for access management.
- Controlled Code Generation: While the skill generates CLI commands and Bicep snippets, it does so through specialized generators rather than arbitrary shell execution or unsafe string manipulation. This provides a structured way to handle infrastructure-as-code tasks.
- Indirect Prompt Injection Surface: Like most skills that process user-defined requirements, it has a potential surface for indirect prompt injection if a user provides a malicious description of permissions. However, this is a standard consideration for LLM-based tools and is mitigated here by the use of specialized backend tools for role identification.
Audit Metadata