Description
Describe the feature or problem you'd like to solve
Issue Description: The Copilot CLI security check incorrectly flags Azure resource IDs passed to az commands as potential local file system access. Because Azure resource IDs contain forward slashes (for example, /subscriptions/.../resourceGroups/.../providers/...), the CLI interprets them as file paths and triggers a security prompt. In reality, these values are simple string arguments sent to Azure services over the network and are not used to access any local files or directories. This results in false positives that confuse users and add unnecessary friction when running valid Azure CLI commands.
Proposed solution
We’re seeing false positives in the Copilot CLI security check when az commands include Azure resource IDs (e.g., /subscriptions/.../resourceGroups/...). The security system interprets these as local file paths due to forward slashes, even though they are just string parameters sent to Azure APIs.
The CLI should ignore or whitelist Azure resource ID patterns for az commands, or only trigger security prompts when an argument is actually used for local file system access. This would reduce unnecessary prompts, avoid user confusion, and better align warnings with real risk.
Example prompts or workflows
No response
Additional context
No response
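One way the proposed exemption could be scoped, as an added example that is not part of the original issue and not Copilot CLI code: the function names and the slash-based heuristic are hypothetical stand-ins, and the sample ID is constructed. It covers only subscription-scoped IDs, exempts them only for `az` and only on a full-string match, and still flags `@<file>` values, which the Azure CLI reads from disk.

```javascript
// Added illustration, not Copilot CLI source; every name here is hypothetical.
const GUID = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}';
const SEG = '[\\w(][-\\w.()]*'; // one ID segment: no slashes, cannot start with "." (blocks "..")

// /subscriptions/<guid>[/resourceGroups/<rg>][/providers/<ns>/<type>/<name>...]
const RESOURCE_ID = new RegExp(
  '^/subscriptions/' + GUID +
  '(?:/resourceGroups/' + SEG + ')?' +
  '(?:/providers/' + SEG + '(?:/' + SEG + '/' + SEG + ')+)*$',
  'i' // ARM resource IDs are case-insensitive
);

function isAzureResourceId(value) {
  return value.length <= 2048 && RESOURCE_ID.test(value);
}

// Stand-in for the slash-based path heuristic the issue describes (assumed, simplified).
function looksLikeLocalPath(value) {
  return value.includes('/') || value.startsWith('~');
}

// Returns the arguments that should still trigger a local-file-access prompt.
function argsNeedingPrompt(argv) {
  const isAz = argv[0] === 'az';
  const flagged = [];
  for (const arg of argv.slice(1)) {
    // Inspect the value part of --name=value as well as bare values.
    const eq = arg.startsWith('--') ? arg.indexOf('=') : -1;
    const value = eq === -1 ? arg : arg.slice(eq + 1);
    // az loads "@<file>" values from disk, so these always count as file access.
    if (isAz && value.startsWith('@')) { flagged.push(arg); continue; }
    if (!looksLikeLocalPath(value)) continue;
    // Exempt only for az, and only when the whole value matches the ID grammar.
    if (isAz && isAzureResourceId(value)) continue;
    flagged.push(arg);
  }
  return flagged;
}

// Constructed sample ID (all-zero subscription GUID, made-up resource names).
const SAMPLE_ID = '/subscriptions/00000000-0000-0000-0000-000000000000' +
  '/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm1';

console.log(argsNeedingPrompt(['az', 'vm', 'show', '--ids', SAMPLE_ID]));
console.log(argsNeedingPrompt(['az', 'deployment', 'group', 'create',
  '--template-file', '/tmp/main.bicep', '--parameters', '@params.json']));
```

A value that only begins like a resource ID, such as one containing a `..` segment, does not match and is still prompted for, as is the same ID passed to any command other than `az`.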