microsoft-foundry
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- External Resource Fetching: The skill downloads agent samples and infrastructure templates from official Microsoft-managed GitHub repositories (e.g., microsoft-foundry/foundry-samples and Azure-Samples). These are trusted sources used to initialize project structures and provision resources.
- Infrastructure Management via CLI: It utilizes standard Azure CLI (az) and Azure Developer CLI (azd) commands to create resource groups, Foundry projects, and Cognitive Services accounts. These operations are essential for the skill's purpose of managing Azure environments.
- Containerization and Deployment Workflow: The workflow includes generating Dockerfiles, building images using Azure Container Registry (ACR), and deploying hosted agents. These tasks involve executing bash commands and Docker builds to package agent logic for the Foundry platform.
- Data-Driven Evaluation and Monitoring: The skill guides the creation of Python scripts to retrieve and analyze agent traces from Application Insights. It uses the Azure AI Projects SDK to manage evaluation results, ensuring performance analysis is handled through official channels.
- Security and Access Control: The instructions emphasize the use of Managed Identity and Role-Based Access Control (RBAC) in production environments. It includes specific checks to verify permissions like 'Azure AI User' before attempting agent invocations.
- Human-in-the-Loop Verification: For workflows involving data harvesting (e.g., turning traces into test cases), the skill enforces a mandatory human review step before any data is committed to local datasets or cloud resources.
Audit Metadata