azure-mgmt-botservice-py
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [Secure Authentication Patterns]: The skill consistently demonstrates the use of
DefaultAzureCredential, which is the industry standard for secure Azure authentication. This approach avoids the risks associated with embedding API keys or service principal secrets directly in code or prompts. - [Credential Management]: Code examples use environment variables (e.g.,
os.environ["AZURE_SUBSCRIPTION_ID"]) and clear placeholders (e.g.,<your-app-id>) for sensitive configuration. The documentation explicitly identifies hardcoded credentials as an anti-pattern and recommends the use of Azure Key Vault for production secrets. - [Official Dependency Usage]: The skill utilizes the standard
azure-mgmt-botserviceandazure-identityPython packages. These are official, maintained libraries provided by the service vendor for infrastructure management. - [Sensitive Data Handling]: The operation
list_with_keysis included to retrieve channel credentials. While this is a legitimate administrative function, the skill correctly highlights the importance of rotating these keys periodically and securing the environment where they are processed.
Audit Metadata