azure-cloud-migrate

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • Identity-Based Security Model: The skill prioritizes security by mandating the use of Azure Managed Identities and Role-Based Access Control (RBAC). It explicitly instructs against hardcoding API keys or connection strings, which significantly reduces the risk of credential exposure.
  • Controlled Output Environment: All migration activities are isolated within a dedicated output directory. This ensures that original source files remain unchanged and provides a clear boundary for generated content.
  • Mandatory User Confirmation: A core safety rule requires explicit user approval via the ask_user tool before any destructive actions are performed, such as deleting local files or deploying to cloud environments.
  • Utilization of Trusted Resources: The skill references official Microsoft SDKs and development tools, such as the Azure Developer CLI and @azure libraries. These resources are standard for the intended workflow and originate from the trusted vendor.
  • Data Ingestion and Analysis Surface: The skill processes existing cloud infrastructure code, which involves reading untrusted data from the workspace.
      * Ingestion points: The skill reads source code, templates (SAM, CloudFormation), and configuration files (package.json, requirements.txt) from the source directory.
      * Boundary markers: The skill relies on a sequential multi-phase workflow (Assessment before Migration) to allow users to review the planned changes in a dedicated assessment report.
      * Capability inventory: The skill uses file-writing capabilities to generate reports and code, and uses MCP tools to fetch design patterns.
      * Sanitization: While the skill does not perform automated sanitization of the input code, the requirement for the user to review the assessment report before proceeding provides a necessary manual verification step.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 02:53 AM