Skills
skills/pulumi/agent-skills/pulumi-arm-to-pulumi/Gen Agent Trust Hub

pulumi-arm-to-pulumi

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing shell commands using the az (Azure CLI), pulumi, and jq tools. These operations are intended for resource discovery, configuration management, and infrastructure-as-code deployment, aligning with the primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and resources from well-known domains including pulumi.com and microsoft.com. These references are informative and originate from trusted providers.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external ARM templates provided by users. Ingestion points: template.json (SKILL.md). Boundary markers: Absent. Capability inventory: Execution of az and pulumi CLI tools across SKILL.md and arm-import.md. Sanitization: Absent; the skill relies on jq for extracting specific properties from the JSON structure without explicit validation of content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 09:00 AM