Azure Cost Management Skill

Name: azure-skills/azure-cost
Author: microsoft

Share on X Share on LinkedIn Share on Bluesky

40Medium

External markdown files for core workflows introduce a supply chain risk, enabling arbitrary code execution if compromised.

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Azure Cost Management Skill: Unified skill for all Azure cost management tasks: querying historical costs, forecasting future spending, and optimizing to reduce waste.

Actually does

This skill queries Azure Cost Management API endpoints (`/query`, `/forecast`) using `az rest` to retrieve historical costs and forecast future spending. It also uses `az monitor metrics list` and `az resource list` to gather data for cost optimization. Additionally, it leverages internal tools like `azure__documentation`, `azure__extension_cli_generate`, `azure__get_azure_bestpractices`, `azure__extension_azqr`, and `azure__aks` to assist with analysis, command generation, and identifying optimization opportunities.

Threat Analysis

AI Agent Traps ↗Scanned 4/14/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamics1 finding

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemicrosoft/azure-skills/azure-cost

Registrygithub

Version3d8788273dee

PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-cost

Stars849

Installs160,800

Source

Repository ↗SKILL.md ↗

SHA-256a158067f2b4f...

SHA-18ad6aec8478f...

MD533ffcef82882...

TLSH2bf1d8776d88...

ssdeep192:M6/P1+gY...

Size7,925 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/microsoft/azure-skills/tree/main/skills/azure-cost

160,800 installs

Claude CodeDocs

/plugin marketplace add microsoft/azure-skills

/plugin install azure-cost@microsoft/azure-skills

Gemini CLIDocs

gemini extensions install https://github.com/microsoft/azure-skills.git --consent

Skills.shDocs

npx skills add https://github.com/microsoft/azure-skills

Assessments (1)

AI Agent Traps ↗

Reliance on External Workflow Files (Supply Chain Risk)mediumsupply chain

The skill's core workflows (Cost Query, Cost Optimization, Cost Forecast) are defined in external markdown files. This introduces a supply chain risk, as compromise or malicious content within these external files could lead to arbitrary code execution or other forms of attack.

80% confidenceline 57

[Cost Query Workflow](cost-query/workflow.md), [Cost Optimization Workflow](cost-optimization/workflow.md), [Cost Forecast Workflow](cost-forecast/workflow.md)

Version History (2)

992cd5d3a770100Critical4/16/2026 3d8788273deecurrent40Medium4/14/2026

Dependencies (1)

azure.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-cost.svg)](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-cost)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-cost"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-cost.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-cost.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow