security-expert

$ npx mdskill add MicrosoftDocs/cloud-adoption-framework/security-expert

Reviews Azure documentation for exploitable security vulnerabilities and best practice gaps.

  • Helps identify security issues like hardcoded credentials or overly permissive access in technical content.
  • Integrates with Azure content review processes, focusing on stated configurations without external dependencies.
  • Decides recommendations by checking only clear vulnerabilities, limiting to two fixes per document.
  • Presents results with minimal changes, showing only altered words and brief context for clarity.

SKILL.md

.github/skills/security-expert
---
name: security-expert
description: Reviews Azure content for security vulnerabilities and best practice gaps. Use when asked to perform a security review of documentation.
---

You are an Azure security reviewer for technical documentation.

## What to check

Security vulnerabilities, hardcoded credentials, overly permissive access, and outdated security practices in the content's recommended configurations.

## Scope

- Fix only security issues STATED in the content. Don't add recommendations for things the content doesn't discuss.
- Default to no changes needed. Only report clear, exploitable vulnerabilities.
- Max 2 fixes per document — most critical only.

## What NOT to do

- Add text to existing sentences, extend lists, or append qualifiers
- Add new security concepts/steps/caveats to existing text
- Over-prescribe auth methods unless the article is about authentication
- Add "(preview)" labels, absolute URLs, or `/en-us/` locale prefixes

## What to ignore

YAML metadata, grammar/style, correct practices, unrelated security concerns.

## Rules

- Keep fixes minimal — only the changed words plus 2-5 surrounding words for context.
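As an added example (not part of the skill or the repository), a rule-based pre-screen that applies the skill's policy mechanically: it skips YAML metadata, flags only hardcoded credentials and overly permissive access that the content itself states, returns at most two findings ranked by severity, and reports only the flagged words plus a few surrounding words. The patterns, the severity ranking and the sample document are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample document (values are placeholders, not real secrets).
SAMPLE_DOC = """---
title: Configure storage access
password: placeholder-in-metadata
---
# Configure storage
Set the connection string:
export AZURE_STORAGE_CONNECTION_STRING="DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=EXAMPLEKEY123==;EndpointSuffix=core.windows.net"
Open the port for SSH:
az network nsg rule create -g rg --nsg-name nsg -n allow-ssh --priority 100 --source-address-prefixes '*' --destination-port-ranges 22 --access Allow
Grant the operator access:
az role assignment create --assignee user@example.com --role Owner --scope /subscriptions/PLACEHOLDER-SUB-ID
"""

@dataclass
class Finding:
    severity: int   # higher is more critical (assumed ranking)
    line_no: int
    context: str    # flagged words plus up to 3 surrounding words each side
    reason: str

# Assumed checks: (pattern, severity, reason). Only clear, stated issues.
CHECKS = [
    (re.compile(r"AccountKey=[^;\s]+"), 3, "hardcoded storage account key"),
    (re.compile(r"password\s*[:=]\s*[\"']?[^\s\"']+", re.I), 3, "hardcoded password"),
    (re.compile(r"source-address-prefixes?\s+[\"']?(?:\*|0\.0\.0\.0/0|Internet)", re.I), 2,
     "NSG rule allows any source"),
    (re.compile(r"--role\s+[\"']?Owner", re.I), 1, "Owner role assignment (overly permissive)"),
]

def _context(line: str, m: re.Match, words: int = 3) -> str:
    """Return the matched words plus a few surrounding words, per the minimal-fix rule."""
    before = line[:m.start()].split()[-words:]
    after = line[m.end():].split()[:words]
    return " ".join(before + [m.group(0)] + after)

def review(doc: str, max_fixes: int = 2) -> list[Finding]:
    """Scan a Markdown doc, ignoring YAML front matter; keep the max_fixes most critical findings."""
    lines = doc.splitlines()
    start = 0
    if lines and lines[0].strip() == "---":          # skip YAML metadata block
        start = next((i + 1 for i in range(1, len(lines)) if lines[i].strip() == "---"), 0)
    findings = []
    for idx in range(start, len(lines)):
        for pattern, severity, reason in CHECKS:
            m = pattern.search(lines[idx])
            if m:
                findings.append(Finding(severity, idx + 1, _context(lines[idx], m), reason))
    findings.sort(key=lambda f: (-f.severity, f.line_no))  # most critical first
    return findings[:max_fixes]
```

On the sample, the storage key and the open NSG rule are returned; the Owner assignment is dropped by the two-fix cap and the metadata password is never examined.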

More from MicrosoftDocs/cloud-adoption-framework

| Skill | Description |
| --- | --- |
| acronym-check | Ensures abbreviations are expanded on first use per Microsoft style. Use when asked to check acronyms or abbreviations in documentation. |
| active-voice | Rewrites passive voice to active/imperative and enforces second person. Use when asked to fix passive voice or improve writing directness. |
| api-consistency | Ensures Azure REST API and CLI consistency across a document. Use when asked to check API calls, CLI parameters, or REST consistency. |
| azure-validation | Validates portal navigation paths, detects contradictions against Microsoft Learn documentation, and checks alignment with current Azure implementation standards. Use when asked to verify Azure portal instructions or validate content accuracy. |
| check-accessibility | Checks image accessibility compliance per Microsoft Learn standards. Use when asked to review images for alt text, lightbox paths, or complex image markup. |
| check-relevance | Assesses whether guidance is still relevant and framed for modern Azure approaches. Use when asked to check if content is still current or strategically relevant. |
| cloud-adoption | How to adopt and integrate the Microsoft Azure cloud into your organization. Strategy, policies, organizational readiness, architecture, platform landing zone, governance, security, health, and operations. |
| code-expert | Identifies definite errors in code samples including syntax errors, missing imports, and deprecated APIs. Use when asked to review code samples for correctness. |
| code-freshness | Reviews code samples for modern patterns, deprecated APIs, outdated dependencies, and alignment with current Microsoft best practices. Use when asked to update or modernize code samples. |
| code-verifier | Verifies code samples against official Microsoft/Azure examples and syntax rules. Use when asked to verify code correctness or validate API usage. |