Security Audit
azd-deployment
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
azd-deployment received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via azure.yaml hooks and Excessive Permissions from arbitrary shell execution in azure.yaml hooks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via azure.yaml hooks.** The skill documentation describes `azure.yaml` `hooks` which allow arbitrary shell commands to be executed during `azd` lifecycle events (`preprovision`, `postprovision`, `postdeploy`). If an LLM generates or modifies `azure.yaml` files based on untrusted user input, and this input is interpolated into the `run: \|` blocks of these hooks without proper sanitization, it could lead to command injection. Malicious commands could be executed on the host system where `azd` is run, potentially leading to data exfiltration, system compromise, or unauthorized resource manipulation. **Recommendation:** When generating `azure.yaml` files, ensure that any user-provided input intended for `run: \|` blocks is strictly validated and sanitized to prevent injection of arbitrary shell commands. Consider using safer alternatives or sandboxed execution environments if possible. Implement explicit user confirmation for any generated commands that modify system state or execute external processes. | Static | SKILL.md:70 |
| MEDIUM | **Excessive Permissions from arbitrary shell execution in azure.yaml hooks.** The `azure.yaml` `hooks` feature, as described, allows the execution of arbitrary shell commands (`shell: sh`, `run: \|`). This means that any commands executed within these hooks will run with the full permissions of the user account executing `azd`. This capability, while powerful for automation, presents a risk of excessive permissions if not carefully managed. For example, the documentation shows `az role assignment create` commands, which are highly privileged operations. An LLM generating such commands without proper context or user confirmation could lead to unintended privilege escalation or resource modification. **Recommendation:** When generating or executing `azd` configurations with hooks, ensure that the principle of least privilege is applied. Restrict the permissions of the user or service principal running `azd`. For LLM-generated content, implement strict validation and require explicit user confirmation for commands that involve sensitive operations or privilege changes, especially those related to role assignments or resource deletion. | Static | SKILL.md:190 |