azure-resource-manager-cosmosdb-dotnet
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [Secure Authentication Practices]: The skill consistently recommends the use of
DefaultAzureCredentialfrom theAzure.Identitypackage. This is a security best practice that enables the use of Managed Identities and avoids the need for local secrets during development and production. - [Secret Management Guidance]: The documentation includes explicit acceptance criteria that forbid hardcoding credentials or logging sensitive information such as account keys and connection strings. This proactive guidance helps prevent accidental data exposure.
- [Trusted Dependencies]: The skill utilizes official Microsoft Azure SDK packages (
Azure.ResourceManager.CosmosDB,Azure.Identity). These are well-maintained, versioned, and sourced from a trusted organization, minimizing supply chain risks. - [Indirect Prompt Injection Surface]: The skill provides patterns for creating stored procedures, triggers, and User Defined Functions (UDFs) which involve passing JavaScript code as strings.
- Ingestion points: Code bodies in
references/sql-resources.md(e.g.,CosmosDBSqlStoredProcedureResourceInfo). - Boundary markers: The examples use string literals; additional delimiters are recommended when interpolating user-provided logic.
- Capability inventory: The SDK allows full management plane control, including resource creation, deletion, and key retrieval.
- Sanitization: The skill focuses on SDK usage; implementers should ensure that any dynamically generated code strings are validated before being sent to the Azure Resource Manager API.
Audit Metadata