40Medium
The skill exposes Azure CLI commands
Behavior Analysis
Mismatch detected — The skill's stated purpose and description claim support for Azure OpenAI, Document Intelligence, and OCR capabilities. However, the provided 'MCP Server (Preferred)' section only includes concrete tool calls for Azure AI Search and Azure AI Speech, lacking direct commands for OpenAI, Document Intelligence, or explicit OCR functions.
Claims to do
Azure AI Services: | Service | Use When | MCP Tools | CLI | |---------|----------|-----------|-----| | AI Search | Full-text, vector, hybrid search | `azure__search` | `az search` | | Speech | Speech-to-text, text-to-speech | `azure__speech` | - | | OpenAI | GPT models, embeddings, DALL-E | - | `az cognitiveservices` | | Document Intelligence | Form extraction, OCR | - | - |
Actually does
This skill uses the `azure__search` tool to list, get details for, and query search indexes. It also uses the `azure__speech` tool to transcribe speech to text and synthesize text to speech. It provides links to Microsoft documentation for various Azure AI services.
Skill Info
Namemicrosoft/azure-skills/azure-ai
Registrygithub
Versioneb84d07b5490
PURLpkg:github/microsoft/azure-skills@eb84d07b5490?skill=azure-ai
Stars849
Installs293,200
Source
SHA-2569060994a74a9...
SHA-153de769b1978...
MD55d7ece76f796...
TLSH2361116f3c21...
Size3,268 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Potential for external CLI command executionmediumcommand execution
The skill content explicitly lists external Azure CLI commands (`az search`, `az cognitiveservices`) that an agent might be instructed to execute. If the agent's execution environment allows direct execution of these commands with unsanitized user input, it could introduce command injection vulnerabilities.
70% confidenceline 16
CLI | `az search` CLI | `az cognitiveservices`
Description Mismatchmediumdescription mismatch
The skill's stated purpose and description claim support for Azure OpenAI, Document Intelligence, and OCR capabilities. However, the provided 'MCP Server (Preferred)' section only includes concrete tool calls for Azure AI Search and Azure AI Speech, lacking direct commands for OpenAI, Document Intelligence, or explicit OCR functions.
85% confidence
Claimed purpose and 'Services' table list OpenAI and Document Intelligence. 'AI Search Capabilities' mentions OCR. 'MCP Server (Preferred)' section only lists commands for `azure__search` and `azure__speech`.
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-ai)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-ai"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-ai.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-ai.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow