azure-cost
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- Secure Authentication Practices: The skill provides extensive documentation on moving from local development credentials to production-ready Azure Managed Identities, ensuring that secrets are not hardcoded or exposed.
- Least Privilege Access: Instructions specify the minimum required Azure RBAC roles (Cost Management Reader and Monitoring Reader) needed to perform tasks, minimizing the potential impact of the agent's operations.
- Trusted Communication: Network operations are performed via official Azure Management APIs and CLI commands targeting verified Microsoft domains, which are recognized as trusted services.
- Destructive Action Safeguards: The workflow explicitly mandates obtaining user approval and performing validation steps before any resources are deleted or modified for cost optimization purposes.
- Resource Optimization Guidance: Includes structured patterns for identifying orphaned or underutilized resources using Azure Resource Graph and Azure Quick Review (azqr) without introducing external scripts or unverifiable dependencies.
Audit Metadata