microsoft-foundry

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes the Azure Developer CLI (azd) to initialize projects from the official Azure-Samples repository (https://github.com/Azure-Samples/azd-ai-starter-basic). This is a legitimate and expected source for infrastructure-as-code templates.
  • [COMMAND_EXECUTION] (SAFE): Resource management is handled through official Azure CLI (az) commands. These operations target Microsoft's authenticated Management APIs (management.azure.com) and are used for routine tasks such as quota checking, RBAC assignment, and model deployment.
  • [DYNAMIC_EXECUTION] (SAFE): The agent development sub-skill scaffolds Python code and VS Code configuration files. It includes a 'Verify Startup' phase that executes the generated script within a local virtual environment to catch configuration errors. This behavior is standard for development tools and is clearly documented for the user.
  • [PROMPT_INJECTION] (SAFE): While the skill creates AI agents that process external data (e.g., via Bing Search), the provided templates follow standard SDK patterns. There are no instructions aimed at bypassing model safety filters or overriding system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:34 AM