microsoft-foundry
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [External Repository Access]: The skill fetches sample code and project templates from official Microsoft GitHub repositories, such as
microsoft-foundry/foundry-samplesandAzure-Samples. These are trusted sources used to provide developers with starting points for agent development. - [Role-Based Access Control Management]: It includes workflows for managing Azure RBAC permissions using the
az role assignmentcommand. These actions are essential for provisioning secure access to AI services, storage, and search resources, and the skill emphasizes the use of built-in roles. - [Software Dependency Management]: The skill installs necessary Python libraries like
azure-ai-projectsandagent-frameworkfrom standard registries. These are official Microsoft SDKs required for interacting with Azure AI services. - [Authentication Best Practices]: The skill provides clear guidance on using
ManagedIdentityCredentialfor production andDefaultAzureCredentialfor local development, emphasizing passwordless connections and secure secret management through environment variables. - [Dynamic Configuration Generation]: It automates the creation of environment-specific files such as
Dockerfileandagent.yaml, which are required for containerizing and deploying hosted agents to the Azure Foundry environment. - [Telemetry and Monitoring]: The skill integrates with Application Insights to provide trace analysis and performance monitoring. It uses KQL queries to help developers diagnose failures and latency in their AI agents, which is a standard part of the observability lifecycle.
Audit Metadata