azure-cloud-migrate
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- Identity-First Authentication: The skill emphasizes the use of Managed Identities and
DefaultAzureCredentialover hardcoded API keys or connection strings. This is a robust security practice that reduces the risk of credential exposure. - User Confirmation for Destructive Actions: A mandatory policy is in place requiring explicit user consent via
ask_userbefore performing any destructive actions, such as deleting files or deploying to production, which helps prevent accidental data loss or unauthorized changes. - Indirect Prompt Injection Surface: Since the skill processes external code (AWS Lambda functions) for migration, there is a theoretical surface for indirect prompt injection if the source code contains malicious instructions in comments or metadata. However, the skill's structured approach to mapping and code generation serves as an inherent mitigation.
- Trusted Resource Usage: The skill references official documentation and templates from well-known and trusted sources, such as Microsoft's official domains and GitHub repositories, ensuring that dependencies and guidance are sourced reliably.
Audit Metadata