azure-cloud-migrate

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • Secure Migration Scripting: The skill includes detailed Bash and PowerShell scripts for resource migration. These scripts follow secure practices, such as using temporary files with restricted access (umask 077) and piping secret values directly to prevent exposure in shell history or process listings.
  • Identity-First Security Model: A core rule of the skill is the 'Identity-First' authentication policy. It consistently directs the agent to configure User Assigned Managed Identities (UAMI) and Azure RBAC instead of using hardcoded API keys or connection strings, which is a significant security best practice.
  • Hardened Configuration Templates: Infrastructure-as-Code (Bicep) examples provided in the references include security hardening features like enforcing TLS 1.2 minimum versions, HTTPS-only requirements, and disabling local authentication in favor of Microsoft Entra ID.
  • Structured Security Assessment: The migration workflow requires a mandatory assessment phase. This phase is designed to identify potential security gaps, hardcoded credentials, and service discovery issues in the source code before any migration occurs, ensuring the target architecture is secure by design.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 10:07 PM