azure-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily a collection of best practices for cloud infrastructure. It provides secure patterns for authentication (Managed Identity), secret management (Key Vault), and deployment (Workload Identity Federation).
- [SAFE]: Code examples labeled as 'Wrong' contain placeholder credentials (e.g., 'abc123...') which are used correctly for educational purposes to demonstrate insecure patterns and do not represent a credential leak.
- [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to ingest project-specific configuration from a
LESSONS.mdfile. - Ingestion points: Reads
LESSONS.mdfrom the project root (mentioned in SKILL.md and AGENTS.md). - Boundary markers: Absent; the agent is told to apply the lessons alongside provided rules.
- Capability inventory: The agent can generate and execute Bicep templates, Python scripts using Azure SDKs, and Azure CLI commands.
- Sanitization: Absent; the agent relies on the content of the project root being trusted.
Audit Metadata