azure-enterprise-infra-planner
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- Architectural Planning and Research: The skill implements a structured workflow that prioritizes the Azure Well-Architected Framework (WAF). It uses dedicated tools to fetch official documentation and best practices from
learn.microsoft.com, ensuring the generated infrastructure plans align with vendor-recommended security and reliability standards. - Deployment Safeguards: Multiple verification gates are enforced before any infrastructure is provisioned. The skill requires a transition of the plan status to 'approved' and explicit user confirmation for 'destructive actions' like
terraform applyoraz deployment group create. This prevents the automated or accidental execution of infrastructure changes. - Secure Credential Management: The instructions consistently advocate for secure practices, such as using Azure Managed Identities instead of connection strings and leveraging Azure Key Vault with 'soft-delete' and 'purge protection' enabled for secret management.
- Standard Toolchain Usage: The skill utilizes recognized Infrastructure as Code (IaC) tools including Terraform and the Azure CLI. These tools are used within their intended operational context for cloud resource management.
- Information Ingestion Surface: The skill processes external data via documentation fetching tools. While this is a common pattern for AI agents to acquire up-to-date information, the risk is mitigated here by targeting only trusted, well-known Microsoft documentation domains. No sanitization logic is explicitly detailed in the markdown, but the reliance on trusted sources is a robust baseline.
Audit Metadata