azure-cosmos-db-py

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [Identity and Access Management]: The skill implements a dual-authentication strategy that prioritizes the use of DefaultAzureCredential. This approach facilitates Role-Based Access Control (RBAC) via Azure Managed Identities, which is the recommended practice for securing cloud resources without hardcoding credentials.
  • [Query Security]: A core security requirement specified in the skill is the mandatory use of parameterized queries for all NoSQL operations. This is a standard and effective mitigation against injection vulnerabilities because it ensures that input parameters are never treated as part of the executable query string.
  • [Local Development Defaults]: The client configuration includes a hardcoded account key. This value is the standard, well-known credential for the local Cosmos DB emulator. The documentation explicitly identifies this key as being for development use only and provides clear instructions for transitioning to more secure authentication methods in deployed environments.
  • [Data Validation Architecture]: The implementation follows a multi-tier Pydantic model pattern. This design ensures that all data ingested from external sources or the database is strictly validated and sanitized against a defined schema before being processed by the application logic.
  • [Secure Configuration Practices]: The skill recommends using environment variables and .env files for configuration management via pydantic-settings. This is a standard practice for separating configuration from code and managing environment-specific secrets securely.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 03:16 PM