azure-env-builder

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and provides commands to download infrastructure management tools from well-known and trusted sources. Specifically, it includes the official Flux CD installation script (fluxcd.io) and the Microsoft Azure CLI installation script (aka.ms). These are standard operations for setting up a Cloud Native environment and align with the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill uses PowerShell (pwsh) and Azure CLI (az) to automate resource scaffolding, validation (What-If analysis), and deployment. These capabilities are essential for its functionality as an infrastructure-as-code (IaC) builder and are documented clearly in the workflow.
  • [DYNAMIC_EXECUTION]: The script scripts/scaffold_environment.ps1 generates environment-specific Bicep templates, configuration JSONs, and deployment PowerShell scripts at runtime. This dynamic generation is a core feature of the scaffolding process and uses local templates included in the skill package.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided requirements to generate infrastructure definitions. While it lacks explicit boundary markers in the prompt instructions to isolate untrusted data, the risk is mitigated as the resulting artifacts (Bicep and scripts) are intended for human review and local execution within the user's Azure environment.
  • [CREDENTIALS_SAFE]: The skill explicitly promotes secure credential management. It provides templates for CI/CD pipelines (GitHub Actions and Azure Pipelines) that utilize platform-native secret stores (secrets.AZURE_CREDENTIALS) and demonstrates how to link services using Azure Key Vault references and Managed Identities instead of hardcoding secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:41 PM
Security Audit — agent-trust-hub — azure-env-builder