bicep

SKILL.md

Bicep Code Review Rules

Security (Critical)

  • Input Validation: Bicep has no regex, so constrain user-provided parameters with decorators (@allowed, @minLength, @maxLength) and normalize them with built-in functions (toLower, replace, take, uniqueString) before they reach resource names, tags, or outputs. Outputs must never echo untrusted input or secret values; deployment outputs are stored in plaintext in the deployment history and are readable by anyone with read access to the deployment
  • Comment Hygiene: Bicep comments are // and /* */. Flag HTML comments (<!-- -->) or unrendered template placeholders (e.g., {{ }}) in string values and outputs; they indicate copied or unprocessed text and can end up in downstream markup injection or phishing content
  • Never hardcode secrets, connection strings, or keys; secrets enter only as @secure() parameters and must not be copied into variables, outputs, or outputs built from listKeys()
  • Use Key Vault references for secrets: pass kv.getSecret() values into @secure() module parameters, or store generated secrets as Key Vault secret resources and output only the secret URI
  • Apply least privilege to managed identities: assign built-in roles scoped to the specific resource, not Contributor or Owner at subscription or resource group scope
  • Enable diagnostic settings (Microsoft.Insights/diagnosticSettings) on every resource that supports them, routed to a Log Analytics workspace or storage account for auditing
  • Use private endpoints where available and set publicNetworkAccess to Disabled so the public endpoint is not left open alongside the private one
  • Enforce encryption at rest for all supported resources (keep service-managed encryption enabled, or configure customer-managed keys where required)
  • Validate that resources comply with the Azure Policy assignments at the target scope; a template that deploys cleanly in one subscription can be denied in another
  • Check regulatory standards compliance (HIPAA, PCI-DSS, etc.) against the corresponding built-in regulatory compliance initiatives
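As an added example (not code from yldgio/codereview-skills), the following Bicep file is written to satisfy the Security rules above in one deployment: constrained and normalized parameters, a @secure() secret stored in Key Vault with only its URI output, a resource-scoped built-in role, diagnostic settings, a private endpoint with public access disabled, and explicit encryption at rest. The Key Vault, Log Analytics workspace, subnet and principal supplied through parameters are assumed to exist; their parameter names are placeholders chosen for this example.

```bicep
// Added example (not from yldgio/codereview-skills); parameters marked "assumed" are placeholders.
targetScope = 'resourceGroup'

// Input validation: Bicep has no regex, so constrain at the parameter.
@minLength(3)
@maxLength(11)
@description('Workload short name; feeds the storage account name and tags.')
param workload string

@allowed(['dev', 'prod'])
param env string

param location string = resourceGroup().location
param kvName string            // assumed: existing Key Vault in this resource group
param logAnalyticsId string    // assumed: resource ID of an existing workspace
param subnetId string          // assumed: subnet for the private endpoint
param readerPrincipalId string // assumed: object ID of a managed identity

// Secrets enter only as @secure() parameters, never as literals in the file.
@secure()
param externalApiKey string

// Normalize with built-in functions before the value reaches a resource name.
var saName = take(toLower('${replace(workload, '-', '')}${env}${uniqueString(resourceGroup().id)}'), 24)

resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: kvName
}

// Key Vault is the secret store; the template only carries the reference.
resource apiKeySecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: kv
  name: 'external-api-key'
  properties: { value: externalApiKey }
}

resource sa 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: saName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  tags: { workload: workload, env: env } // constrained parameters, not free text
  properties: {
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
    allowBlobPublicAccess: false
    allowSharedKeyAccess: false     // Entra ID auth only; no account keys to leak
    publicNetworkAccess: 'Disabled' // reachable only through the private endpoint
    encryption: {                   // encryption at rest, stated explicitly
      keySource: 'Microsoft.Storage'
      services: {
        blob: { enabled: true }
      }
    }
  }
}

// Private endpoint for the blob service.
resource pe 'Microsoft.Network/privateEndpoints@2023-11-01' = {
  name: '${saName}-blob-pe'
  location: location
  properties: {
    subnet: { id: subnetId }
    privateLinkServiceConnections: [
      {
        name: 'blob'
        properties: { privateLinkServiceId: sa.id, groupIds: ['blob'] }
      }
    ]
  }
}

// Least privilege: built-in Storage Blob Data Reader, scoped to this account only.
var blobDataReaderRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')

resource readerAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(sa.id, readerPrincipalId, blobDataReaderRoleId)
  scope: sa
  properties: {
    roleDefinitionId: blobDataReaderRoleId
    principalId: readerPrincipalId
    principalType: 'ServicePrincipal'
  }
}

// Auditing: diagnostic settings to Log Analytics (account-level metrics).
resource diag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'audit'
  scope: sa
  properties: {
    workspaceId: logAnalyticsId
    metrics: [ { category: 'Transaction', enabled: true } ]
  }
}

// Outputs carry identifiers only; a reviewer rejects lines such as
// output key string = sa.listKeys().keys[0].value
output storageAccountName string = sa.name
output apiKeySecretUri string = apiKeySecret.properties.secretUri
```

When reviewing against this pattern, the quick checks are: every `param` that carries a secret has `@secure()`, no `output` references a secure parameter or a `listKeys()`/`listSecrets()` call, every `roleAssignments` resource has a `scope:` on a specific resource, and every resource with a `publicNetworkAccess` property sets it to `'Disabled'` when a private endpoint is present.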
Installs: 2
First Seen: Mar 30, 2026
bicep — yldgio/codereview-skills