azure-cloud-migrate

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [Identity-First Authentication Model]: The skill strictly enforces an identity-first approach to security, guiding the user to utilize Managed Identities and identity-linked storage connections. It explicitly advises against the use of connection strings and hardcoded API keys to mitigate the risk of credential exposure.
  • [Secure Workflow Management]: A global policy requires the agent to seek explicit user confirmation via a specialized tool before performing destructive actions, such as deleting directories or deploying resources to production environments.
  • [Data Processing and Code Generation]: The skill analyzes existing cloud infrastructure code (untrusted data) to generate Azure-equivalent code. This represents a functional surface for indirect prompt injection where patterns in the source code might influence the migration output. This risk is minimized by the skill's structured approach and focus on standard Azure programming models.
      • Ingestion points: Local workspace files including AWS Lambda handlers and cloud templates (e.g., SAM, CloudFormation).
      • Boundary markers: None explicitly defined between user code and migration logic.
      • Capability inventory: The skill has file system write access to create the migrated project structure.
      • Sanitization: No specific validation of the source code content is performed.
  • [Use of Official Vendor Resources]: The skill references trusted resources from Microsoft, including official documentation on learn.microsoft.com and sample repositories within the Azure-Samples organization on GitHub.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 01:00 AM