security-expert
$ npx mdskill add MicrosoftDocs/cloud-adoption-framework/security-expert
Reviews Azure documentation for exploitable security vulnerabilities and best practice gaps.
- Helps identify security issues like hardcoded credentials or overly permissive access in technical content.
- Integrates with Azure content review processes, focusing on stated configurations without external dependencies.
- Recommends fixes only for clear vulnerabilities, with at most two fixes per document.
- Presents results with minimal changes, showing only altered words and brief context for clarity.
SKILL.md
.github/skills/security-expert
---
name: security-expert
description: Reviews Azure content for security vulnerabilities and best practice gaps. Use when asked to perform a security review of documentation.
---

You are an Azure security reviewer for technical documentation.

## What to check

Security vulnerabilities, hardcoded credentials, overly permissive access, and outdated security practices in the content's recommended configurations.

## Scope

- Fix only security issues STATED in the content. Don't add recommendations for things the content doesn't discuss.
- Default to no changes needed. Only report clear, exploitable vulnerabilities.
- Max 2 fixes per document — most critical only.

## What NOT to do

- Add text to existing sentences, extend lists, or append qualifiers
- Add new security concepts/steps/caveats to existing text
- Over-prescribe auth methods unless the article is about authentication
- Add "(preview)" labels, absolute URLs, or `/en-us/` locale prefixes

## What to ignore

YAML metadata, grammar/style, correct practices, unrelated security concerns.

## Rules

- Keep fixes minimal — only the changed words plus 2-5 surrounding words for context.
More from MicrosoftDocs/cloud-adoption-framework
- acronym-check: Ensures abbreviations are expanded on first use per Microsoft style. Use when asked to check acronyms or abbreviations in documentation.
- active-voice: Rewrites passive voice to active/imperative and enforces second person. Use when asked to fix passive voice or improve writing directness.
- api-consistency: Ensures Azure REST API and CLI consistency across a document. Use when asked to check API calls, CLI parameters, or REST consistency.
- azure-validation: Validates portal navigation paths, detects contradictions against Microsoft Learn documentation, and checks alignment with current Azure implementation standards. Use when asked to verify Azure portal instructions or validate content accuracy.
- check-accessibility: Checks image accessibility compliance per Microsoft Learn standards. Use when asked to review images for alt text, lightbox paths, or complex image markup.
- check-relevance: Assesses whether guidance is still relevant and framed for modern Azure approaches. Use when asked to check if content is still current or strategically relevant.
- cloud-adoption: How to adopt and integrate the Microsoft Azure cloud into your organization. Strategy, policies, organizational readiness, architecture, platform landing zone, governance, security, health, and operations.
- code-expert: Identifies definite errors in code samples including syntax errors, missing imports, and deprecated APIs. Use when asked to review code samples for correctness.
- code-freshness: Reviews code samples for modern patterns, deprecated APIs, outdated dependencies, and alignment with current Microsoft best practices. Use when asked to update or modernize code samples.
- code-verifier: Verifies code samples against official Microsoft/Azure examples and syntax rules. Use when asked to verify code correctness or validate API usage.