e2e-medallion-architecture

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • Resource Access Control: The skill promotes strong security governance by recommending the use of separate workspaces for each medallion layer (Bronze, Silver, Gold). This facilitates granular Role-Based Access Control (RBAC), ensuring that ingestion tools, data engineers, and business analysts have access only to the data layers necessary for their roles.
  • Network Security Constraints: A notable security feature is the explicit instruction to avoid reading directly from external HTTP/HTTPS URLs within Spark jobs. Instead, the skill directs users to land data in a secure lakehouse staging area first. This design helps prevent data exfiltration and ensures that all data entering the environment is managed through governed Fabric ingestion channels.
  • Data Integrity and Validation: The skill emphasizes data quality enforcement during the transition between the Bronze and Silver layers. By recommending deduplication, null handling, and schema validation, it reduces the risk of data corruption and ensures the reliability of downstream analytics.
  • Secure Credential Management: The skill references standard authentication patterns using the Azure CLI (az login and az rest). It avoids hardcoding secrets or identifiers, instead instructing the agent to discover workspace and item IDs dynamically via the Fabric REST API.
  • Automated Update Mechanisms: The inclusion of a session-based update check ensures that the agent is using the latest validated patterns and security guidelines from the Microsoft repository, minimizing the risk of using deprecated or insecure configurations.
  • Governed Deployment Patterns: The deployment of notebooks and semantic models follows the official Fabric REST API lifecycle. The skill provides specific technical requirements for .ipynb file structures to ensure successful and predictable code execution within the managed Spark environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 12:31 PM