azure-upgrade

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • Sub-process and Shell Command Execution: The skill utilizes subprocess.run and shell commands such as az, mvn, gradle, and grep to perform environment detection and automate the migration of Azure resources and Java dependencies. These operations are expected for automation and modernization tools and allow the skill to interact with the underlying build system and cloud environment.
  • External Content Retrieval: The skill fetches version information and migration guides from official Microsoft sources on GitHub and Microsoft Learn. These resources provide the authoritative data needed to ensure the migration follows current security and architectural standards.
  • Automated Build File Modification: The upgrade_bom.py script programmatically updates project configuration files like pom.xml and build.gradle. This process involves the temporary injection of the OpenRewrite plugin to handle dependency management, which is a common practice in automated refactoring.
  • Data Ingestion Surface: The skill analyzes local project files, including build configurations and source code. While this represents a surface for indirect prompt injection if the project content is untrusted, the skill focuses on structured migration tasks with clear goals.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 12:49 PM
Security Audit — agent-trust-hub — azure-upgrade