Security Audit
azure-resource-manager-postgresql-dotnet
Source: github.com/sickn33/antigravity-awesome-skills

Trust Assessment
azure-resource-manager-postgresql-dotnet received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 2 medium, and 2 low severity. Key findings include Hardcoded Password in Example Code, Broad Firewall Rule for Azure Services, Hardcoded Password in Connection String Example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| MEDIUM | Hardcoded Password in Example Code | The example code for creating a PostgreSQL Flexible Server includes a hardcoded administrator password ('YourSecurePassword123!'). While this is an example, it promotes insecure practices and could lead to credentials being exposed if copied directly into a production skill or application. Passwords should be managed securely, for instance via environment variables, Azure Key Vault, or secure input mechanisms. | Replace hardcoded passwords with secure retrieval methods (e.g., environment variables, Azure Key Vault, or interactive prompts). Emphasize that this is for example purposes only and not for production use. | LLM | SKILL.md:70 |
| MEDIUM | Hardcoded Password in Connection String Example | The example Npgsql connection string includes a hardcoded password ('YourSecurePassword123!'). This reinforces the insecure practice of embedding sensitive credentials directly in code. The subsequent example using an Entra ID token is a much more secure approach. | Remove the hardcoded password from the example connection string. Instead, instruct users to retrieve passwords securely (e.g., from environment variables or a secrets manager) or strongly recommend the Entra ID token-based authentication method. | LLM | SKILL.md:307 |
| LOW | Broad Firewall Rule for Azure Services | The example for configuring firewall rules includes a rule to allow access from '0.0.0.0' to '0.0.0.0', described as 'AllowAllAzureServicesAndResourcesWithinAzureIps'. While this is a legitimate Azure feature that allows Azure services to access the database, it is a very broad rule. If not combined with other network security measures (such as private endpoints), it could expose the database to a wider range of Azure services than intended, increasing the attack surface. | Advise users to use private endpoints for secure and granular network access where possible. If the 'Allow Azure services' rule is necessary, clearly state its implications and recommend combining it with other network security controls. | LLM | SKILL.md:120 |
| LOW | Unpinned Package Dependencies | The `dotnet add package` commands in the installation section do not specify exact versions for the `Azure.ResourceManager.PostgreSql` and `Azure.Identity` packages. Building the skill at different times could therefore pull different versions of these packages, potentially introducing breaking changes, new vulnerabilities, or unexpected behavior. While the document mentions a 'Current Version', it is not enforced. | Pin package versions in the `dotnet add package` commands (e.g., `dotnet add package Azure.ResourceManager.PostgreSql --version 1.2.0`) to ensure deterministic builds and prevent unexpected updates. Alternatively, provide a `csproj` file with explicit package references. | LLM | SKILL.md:15 |