azure-deploy
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Official Tool Installation: The skill references a shell script installation method for the Azure Developer CLI (azd) originating from a trusted Microsoft domain (aka.ms). This is a standard and expected procedure for acquiring the primary tool required for the skill's functionality.
- Destructive Action Safeguards: The skill incorporates a strict policy requiring user confirmation ('ask_user') before executing any destructive operations, such as resource group deletion or database modification, ensuring human-in-the-loop control for critical actions.
- Secure Authentication Guidance: Documentation and scripts heavily emphasize the use of Managed Identities and Azure Role-Based Access Control (RBAC) instead of hardcoded credentials. This aligns with industry-standard security practices for cloud identity management.
- Live State Verification: The workflow includes a 'Live Role Verification' step that queries the actual Azure environment to confirm that permissions are correctly applied post-deployment, helping to detect and remediate silent provisioning failures or configuration drift.
- Managed Database Operations: Scripts provided for Entity Framework migrations and SQL access management utilize Entra ID authentication and follow idempotent patterns to ensure database schema updates are handled securely and predictably.
Audit Metadata