azure-env-builder
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads official software packages, such as the .NET Hosting Bundle and Docker components, from well-known and trusted domains (microsoft.com and docker.com).
- [REMOTE_CODE_EXECUTION]: Automated initialization scripts for virtual machines execute the official Azure CLI installation script from a trusted Microsoft-owned short URL (aka.ms).
- [COMMAND_EXECUTION]: Utilizes local PowerShell scripts (
scaffold_environment.ps1,validate_bicep.ps1) and the Azure CLI (az) to automate resource group creation, template validation, and infrastructure deployment. - [PROMPT_INJECTION]: The scaffolding process ingests user-provided environment and location names to construct file paths; while this represents a potential surface for path traversal, it is documented as standard behavior for this type of automation tool.
- [SAFE]: The skill promotes secure engineering practices, such as utilizing GitHub Secrets for service principal credentials and leveraging Managed Identities for authentication between Azure services.
Audit Metadata