Azure Compliance & Security Auditing

Name: azure-skills/azure-compliance
Author: microsoft

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

The skill risks command injection by executing external tools with potentially unsanitized user input.

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Azure Compliance & Security Auditing: | Property | Details | |---|---| | Best for | Compliance scans, security audits, Key Vault expiration checks | | Primary capabilities | Comprehensive Resources Assessment, Key Vault Expiration Monitoring | | MCP tools | azqr, subscription and resource group listing, Key Vault item inspection |

Actually does

The skill utilizes internal MCP tools to execute `azqr` for comprehensive Azure resource assessments, list Azure subscriptions and resource groups, and inspect Azure Key Vault. It retrieves metadata for Key Vault keys, secrets, and certificates, specifically checking for expiration dates.

Threat Analysis

AI Agent Traps ↗Scanned 4/14/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemicrosoft/azure-skills/azure-compliance

Registrygithub

Version3d8788273dee

PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-compliance

Stars633

Installs174,500

Source

Repository ↗SKILL.md ↗

SHA-2568c0c3e4c8041...

SHA-1815ea5bc9e95...

MD522ab12a4f205...

TLSH38a15687471d...

ssdeep96:IH+jNA5mA...

Size4,739 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/microsoft/azure-skills/tree/main/skills/azure-compliance

174,500 installs

Claude CodeDocs

/plugin marketplace add microsoft/azure-skills

/plugin install azure-compliance@microsoft/azure-skills

Gemini CLIDocs

gemini extensions install https://github.com/microsoft/azure-skills.git --consent

Skills.shDocs

npx skills add https://github.com/microsoft/azure-skills --skill azure-compliance

Assessments (1)

AI Agent Traps ↗

Execution of external compliance tool (`azqr`)mediumcommand execution

The skill is designed to run the `azqr` compliance tool. While `azqr` is legitimate, executing external command-line tools introduces a risk of command injection if user input is passed unsanitized, or if the tool itself has exploitable vulnerabilities.

70% confidenceline 58

`mcp_azure_mcp_extension_azqr`

Dependencies (1)

azure.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-compliance.svg)](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-compliance)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-compliance"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-compliance.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-compliance.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow