azure-deploy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (LOW): Reference documentation in 'references/sdk/azd-deployment.md' provides a 'curl | bash' command for installing the Azure Developer CLI via aka.ms. While typically a high-risk pattern, it is rated as LOW because the source is an official Microsoft installer link and the skill logic favors managed MCP tools for tool installation.
- [COMMAND_EXECUTION] (LOW): The skill relies on significant command-line execution (azd, az, terraform, func). This is the core functionality and is mitigated by 'global-rules.md', which enforces the use of 'ask_user' for all destructive or identity-altering commands.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted configuration files, which constitutes an indirect prompt injection surface (Category 8). Evidence: (1) Ingestion points: reads 'azure.yaml', '.azure/plan.md', and 'infra/' templates. (2) Boundary markers: no specific LLM-level delimiters or validation instructions are implemented for file content. (3) Capability inventory: the agent has permissions to execute cloud resource provisioning and deletion. (4) Sanitization: configuration values are used in CLI commands without explicit escaping.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard Azure SDK packages (azure-identity, @azure/identity) from public, trusted registries.