Trust Assessment
azd-deployment received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Shell Command Execution via azure.yaml Hooks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary Shell Command Execution via azure.yaml Hooks | LLM | SKILL.md:70 |

The `azure.yaml` configuration allows defining `hooks` with `shell: sh` and `run: |`, which enables the execution of arbitrary shell commands during various stages of the `azd` deployment lifecycle (e.g., `preprovision`, `postprovision`, `postdeploy`). While the examples provided in the skill are illustrative and generally benign, this mechanism represents a direct command injection vector. If any variables interpolated into these `run` commands (such as `FRONTEND_NAME`, `RG`, `SERVICE_FRONTEND_URI`, `BACKEND_PRINCIPAL_ID`, `OPENAI_RESOURCE_ID`, `SEARCH_RESOURCE_ID`, or any other `azd`-managed environment variables) can be controlled or influenced by an untrusted source (e.g., a malicious user providing crafted environment variable values), an attacker could inject and execute arbitrary shell commands on the system where `azd` is run. This could lead to data exfiltration, system compromise, or unauthorized resource manipulation.

1. **Input Validation and Sanitization**: Strictly validate and sanitize all environment variables and other inputs that are interpolated into `run` commands within `azure.yaml` hooks. Prevent shell metacharacters from being interpreted as commands.
2. **Principle of Least Privilege**: If arbitrary shell execution is necessary, ensure the `azd` execution environment operates with the minimum necessary permissions.
3. **Avoid Arbitrary Shell**: Where possible, prefer using `azd`'s built-in capabilities or specific, constrained tools instead of raw shell commands for sensitive operations. If a specific `az` CLI command is needed, consider if `azd` offers a more controlled way to achieve the same outcome.
4. **Review Variable Sources**: Understand the source and trust level of all variables used in hooks. Variables derived from user input or external systems should be treated as untrusted.