documentdb-local-deployment
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches local development container images from official Microsoft repositories on GitHub Container Registry (ghcr.io/microsoft/documentdb) and Microsoft Artifact Registry (mcr.microsoft.com/cosmosdb).
- [COMMAND_EXECUTION]: Outlines standard Docker and Docker Compose commands for local environment setup. It correctly recommends binding ports to 127.0.0.1 to limit access to the local machine.
- [CREDENTIALS_UNSAFE]: Includes the well-known default password for the DocumentDB local image ('Admin100!') in example connection strings and Docker commands. This is used for instructional purposes for local development environments.
- [SAFE]: The skill provides robust guidance on secret management, explicitly advising against committing secrets to source control and recommending environment-driven configuration (.env files) to maintain security between local and production environments.
- [SAFE]: Instructions correctly guide developers to enable TLS validation by default and to use certificate relaxation flags only when explicitly opted in for local self-signed certificates.
Audit Metadata