azure-deploy

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [External Software Installation]: The skill includes instructions to download and execute an installation script for the Azure Developer CLI from a vendor-controlled domain. While executing remote scripts involves a degree of trust in the source, this is a standard method provided by the vendor for tool setup.
  • Evidence: curl -fsSL https://aka.ms/install-azd.sh | bash in references/sdk/azd-deployment.md.
  • [Deployment Automation Scripts]: The skill provides templates for automation scripts (e.g., for database migrations) that are written to the local filesystem and then executed. Generating and running scripts at runtime is a powerful capability that, in this context, is used to streamline the deployment process for common application frameworks.
  • Evidence: Scripts located in references/recipes/azd/scripts/.
  • [Cloud Infrastructure Management]: The skill performs command execution using cloud management tools to create or modify resources. Managing cloud infrastructure involves significant permissions, so the skill includes safeguards such as requiring explicit user confirmation before any destructive actions are performed.
  • Evidence: Rules in SKILL.md and references/global-rules.md.
  • [Project Configuration Analysis]: The skill reads and processes configuration files (like deployment plans) to select the appropriate deployment strategy. Processing external data to drive execution logic is an attack surface for indirect instructions, although here it is used to ensure the deployment matches the previously validated project plan.
  • Evidence: Step 1 in SKILL.md reads .azure/deployment-plan.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 01:38 AM