Trust Assessment
azure-image-builder received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Service Principal with Broad Contributor Role.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 339a1139). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Service Principal with Broad Contributor Role The skill recommends creating an Azure Service Principal with the `Contributor` role scoped to the entire subscription (`/subscriptions/<subscription-id>`). The `Contributor` role grants broad permissions to manage all resources within the subscription, which violates the principle of least privilege. While convenient for setup, this can lead to significant security risks if the service principal's credentials are compromised, as an attacker would gain extensive control over the Azure subscription. Recommend using a custom role with the minimum necessary permissions for Packer operations, or scope the `Contributor` role to specific resource groups that Packer needs to manage, rather than the entire subscription. Provide guidance on how to define such a custom role or limit the scope. | Static | SKILL.md:96 |
Scan History
Embed Code
[](https://skillshield.io/report/9d734acc33c92afa)
Powered by SkillShield