Security Audit
azure-mgmt-apimanagement-dotnet
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
azure-mgmt-apimanagement-dotnet received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Sensitive API Key Printed to Console, Broad Azure API Management Management Scope, Unpinned .NET Package Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Sensitive API Key Printed to Console.** The skill documentation provides a C# code example that explicitly prints the `PrimaryKey` of an Azure API Management subscription to the console using `Console.WriteLine`. If an AI agent were to directly execute or generate code based on this example, it would expose a sensitive credential, potentially leading to unauthorized access to the API Management subscription. Advise against printing sensitive keys to standard output. Instead, store them securely in a secrets management system, use them directly in memory, or ensure they are only logged to secure, audited logging systems with appropriate access controls. | LLM | SKILL.md:170 |
| INFO | **Broad Azure API Management Management Scope.** The skill, based on the Azure Resource Manager SDK for API Management, provides access to a wide range of management plane operations, including creating, updating, and deleting services, APIs, products, subscriptions, users, groups, and policies. While this reflects the intended capabilities of the underlying SDK, it means an AI agent utilizing this skill would require extensive permissions to an Azure subscription. Users integrating this skill must apply the principle of least privilege and ensure the agent's Azure identity is scoped only to the necessary resources and actions to prevent potential over-privileged access. Implement Azure Role-Based Access Control (RBAC) with the principle of least privilege for the identity used by the AI agent. Grant only the specific permissions required for the agent's intended tasks within Azure API Management, rather than broad contributor or owner roles. | LLM | SKILL.md:1 |
| INFO | **Unpinned .NET Package Dependencies.** The installation instructions use `dotnet add package` without specifying a version for `Azure.ResourceManager.ApiManagement` and `Azure.Identity`. This will default to pulling the latest stable version of these packages. While convenient for initial setup, it introduces a supply chain risk where future updates to these packages (e.g., breaking changes, or in a worst-case scenario, a compromised package) could unexpectedly affect the skill's behavior or introduce vulnerabilities without explicit review. The skill mentions 'Current Version: v1.3.0' but does not enforce it in the installation command. Recommend pinning specific versions for production deployments to ensure reproducibility and mitigate risks from unexpected updates. For example, `dotnet add package Azure.ResourceManager.ApiManagement --version 1.3.0`. | LLM | SKILL.md:12 |