Azd Deployment for Azure

Security checks across malware telemetry and agentic risk

Overview

This is mostly legitimate Azure deployment guidance, but it includes a risky ACR admin-password pattern users should review before using.

Install only if you are comfortable reviewing Azure deployment templates before running them. Confirm the active Azure tenant, subscription, resource group, costs, and every azd hook before running azd up. Prefer managed identity with least-privilege AcrPull over the documented ACR admin-password/listCredentials pattern, and back up or verify the target environment before using reset commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The troubleshooting guide documents environment reset and deletion steps without any caution that these commands remove local azd environment state and may disrupt deployments or erase locally stored configuration. In an agent skill context, users may copy commands verbatim, so omission of warnings increases the chance of accidental destructive action.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal