azure-resource-lookup
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Command Generation and Execution: The skill utilizes a command generation tool to construct
az graph querystrings based on user intent. This allows the agent to interact directly with the Azure CLI to fetch resource data. This is a standard pattern for cloud management tools requiring deep infrastructure visibility. - Extension Installation: The instructions guide the installation of the
resource-graphextension for the Azure CLI. This is an official Microsoft-provided extension required to enable advanced querying capabilities within the environment. - Data Ingestion Surface (Indirect Input): The skill retrieves and processes data from the Azure environment, such as resource names, types, and tags.
- Ingestion points: Resource metadata is retrieved via the
az graph querycommand, as detailed inreferences/azure-resource-graph.md. - Boundary markers: The skill does not explicitly define delimiters to separate resource data from subsequent processing logic.
- Capability inventory: The skill possesses the capability to execute system commands via the Azure CLI (
az) as described inSKILL.md. - Sanitization: There are no explicit sanitization steps mentioned for the data returned from Azure before it is presented or processed further by the agent.
- Read-Only Intent: The skill's logic and constraints are focused on discovery and lookup operations. It includes explicit instructions to avoid using these patterns for resource deployment or modification, which aligns with a least-privilege approach for inventory tasks.
Audit Metadata