azure-deploy
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Software Installation]: The skill includes instructions to download and execute an installation script for the Azure Developer CLI from a vendor-controlled domain. While executing remote scripts involves a degree of trust in the source, this is a standard method provided by the vendor for tool setup.
- Evidence:
curl -fsSL https://aka.ms/install-azd.sh | bashinreferences/sdk/azd-deployment.md. - [Deployment Automation Scripts]: The skill provides templates for automation scripts (e.g., for database migrations) that are written to the local filesystem and then executed. Generating and running scripts at runtime is a powerful capability that, in this context, is used to streamline the deployment process for common application frameworks.
- Evidence: Scripts located in
references/recipes/azd/scripts/. - [Cloud Infrastructure Management]: The skill performs command execution using cloud management tools to create or modify resources. Managing cloud infrastructure involves significant permissions, so the skill includes safeguards such as requiring explicit user confirmation before any destructive actions are performed.
- Evidence: Rules in
SKILL.mdandreferences/global-rules.md. - [Project Configuration Analysis]: The skill reads and processes configuration files (like deployment plans) to select the appropriate deployment strategy. Processing external data to drive execution logic is an attack surface for indirect instructions, although here it is used to ensure the deployment matches the previously validated project plan.
- Evidence: Step 1 in
SKILL.mdreads.azure/deployment-plan.md.
Audit Metadata