azure-prepare

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [Plan-First Workflow]: The skill implements a mandatory planning phase where it generates a .azure/plan.md file detailing all proposed actions. This plan must be approved by the user before the agent proceeds to generate infrastructure or configuration files, ensuring human oversight.
  • [Credential Security]: Instructions throughout the skill promote the use of Azure Managed Identities and Azure Key Vault. The skill gives explicit guidance on avoiding hardcoded secrets and connection strings, favoring identity-based authentication (RBAC), which aligns with Zero Trust principles.
  • [Least Privilege]: The provided infrastructure-as-code (Bicep and Terraform) patterns follow the principle of least privilege, specifically recommending roles like 'Key Vault Secrets User' or 'Storage Blob Data Reader' at the appropriate resource scope.
  • [User Confirmation]: Global rules mandate the use of ask_user for any potentially destructive or cost-impacting actions, such as resource deletion or subscription selection, preventing accidental or unauthorized changes to the Azure environment.
  • [Secure Defaults]: The skill recommends secure-by-default configurations for Azure services, including TLS 1.2+ enforcement, HTTPS redirection, and disabling public access to storage accounts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:21 AM