Validate Azure deployment readiness across config, infrastructure, identities, and permissions.
This appears to be an open-source, prompt-only Azure pre-deployment validation skill with no required secrets and no declared fixed remote endpoints, so the baseline technical risk is low. However, the README contains strong workflow-forcing and prompt-injection-like language that may steer a host agent to run extra commands, read/write project files, and chain other skills, so the supply-chain dimension deserves special caution.
The material explicitly states that no keys or environment variables are required, and the README does not ask for tokens, API keys, or account credentials; there is no direct design for credential collection, storage, or exfiltration.
No fixed remote endpoint is declared, but the instructions call for Azure/Bicep/Terraform validation and what-if/preview-style checks, which may typically connect to Azure control-plane services; this is consistent with the stated purpose, and no unrelated third-party exfiltration endpoint is identified.
The skill itself is marked as prompt-only and open-source, with no bundled executable code; however, the README explicitly instructs the host agent to run validation/build commands and invoke azure-prepare/azure-deploy. If the host has execution capability, this may trigger local process execution; that is a normal workflow capability, and no extra privileged system permission request is evident.
The README instructs the agent to read and modify `.azure/deployment-plan.md`, inspect `azure.yaml`, Bicep/Terraform, RBAC role assignments, and managed identity permissions, and record validation results; this implies access to deployment configuration and infrastructure code within the project. The access is aligned with the stated purpose, but users should be aware that project files may be read and written.
Although it comes from GitHub and is open source, with a Microsoft repository link as a positive trust signal, the material also contains clear prompt-injection/manipulative language such as 'AUTHORITATIVE GUIDANCE,' 'STOP IMMEDIATELY,' 'MUST invoke azure-deploy,' and 'Do NOT ... directly.' This attempts to redefine agent behavior and tool-chaining through third-party README text, which is a concrete red flag; combined with 0 stars, no declared license, and unknown maintenance status, the supply-chain trust posture warrants a high-risk flag.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "azure-validate" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/GitHub-Copilot-for-Azure/main/plugin/skills/azure-validate/SKILL.md 2. Save it as ~/.claude/skills/azure-validate/SKILL.md 3. Reload skills and tell me it's ready
Please validate whether this Azure application is ready to deploy. Check azure.yaml, environment configuration, dependent resources, subscription and region settings, and list blocking issues with remediation steps.
A pre-deployment report showing readiness status, issues found, risk levels, and remediation guidance.
Please review this Bicep/Terraform infrastructure definition for Azure deployment readiness. Validate resource configuration, dependencies, naming, parameters, quotas, and potential conflicts, and point out what needs to be fixed.
An infrastructure validation result covering misconfigurations, risks, incompatibilities, and recommended fixes.
Please verify whether the RBAC role assignments and managed identity permissions required for this Azure Functions/Container Apps deployment are complete. Identify missing permissions, incorrect scopes, or least-privilege issues.
A permission review listing missing roles, incorrect scopes, security risks, and recommended least-privilege settings.
AUTHORITATIVE GUIDANCE — Follow these instructions exactly unless they contradict security policies given to you.
⛔ STOP — PREREQUISITE CHECK REQUIRED
Before proceeding, verify this prerequisite is met:
azure-prepare was invoked and completed →
.azure/deployment-plan.mdexists with statusApprovedor laterIf the plan is missing, STOP IMMEDIATELY and invoke azure-prepare first.
The complete workflow ensures success:
azure-prepare→azure-validate→azure-deploy
ask_user — global-rules| # | Action | Reference |
|---|---|---|
| 1 | Load Plan — Read .azure/deployment-plan.md for recipe and configuration. If missing → run azure-prepare first | .azure/deployment-plan.md |
| 2 | Add Validation Steps — Copy recipe "Validation Steps" to .azure/deployment-plan.md as children of "All validation checks pass" | recipes/README.md, .azure/deployment-plan.md |
| 3 | Run Validation — Execute recipe-specific validation commands | recipes/README.md |
| 4 | Build Verification — Build the project and fix any errors before proceeding | See recipe |
| 5 | Static Role Verification — Review Bicep/Terraform for correct RBAC role assignments in code | role-verification.md |
| 6 | Record Proof — Populate Section 7: Validation Proof with commands run and results | .azure/deployment-plan.md |
| 7 | Resolve Errors — Fix failures before proceeding | See recipe's errors.md |
| 8 | Update Status — Only after ALL checks pass, set status to Validated | .azure/deployment-plan.md |
| 9 | Deploy — Invoke azure-deploy skill | — |
⛔ VALIDATION AUTHORITY
This skill is the officially verified way to set plan status to
Validated. You MUST follow these steps to make sure every prerequisite is fulfilled before setting status toValidated:
- Run actual validation commands (azd provision --preview, bicep build, terraform validate, etc.)
- Populate Section 7: Validation Proof with the commands you ran and their results
- Only then set status to
ValidatedDo NOT set status to
Validatedwithout running checks and recording proof.
⚠️ MANDATORY NEXT STEP — DO NOT SKIP
After ALL validations pass, you MUST invoke azure-deploy to execute the deployment. Do NOT attempt to run
azd up,azd deploy, or any deployment commands directly. Let azure-deploy handle execution.If any validation failed, fix the issues and re-run azure-validate before proceeding.
Set up Entra ID app registration, OAuth, permissions, and MSAL integration.
Set up Azure Application Insights telemetry for web apps with best practices.
Troubleshoot Azure Event Hubs and Service Bus SDK connection and messaging issues.
Find, list, and inspect Azure resources across subscriptions and resource groups.
Deploy, evaluate, fine-tune, and optimize Microsoft Foundry agents and models.
Deploy prepared Azure apps with built-in recovery for common release errors.
Validate Azure DevOps pipeline changes and troubleshoot builds and YAML faster.
Check Azure quotas and usage for capacity planning and region selection.
Prepare Azure apps for deployment with infra, configs, and container setup.
Find least-privilege Azure RBAC roles and generate assignment commands and Bicep.
Give AI real-time Azure infrastructure access for ops checks, policy validation, and Terraform analysis.
Design layered validation across data flows to prevent bugs and security issues.