100Critical
The skill allows arbitrary Azure API calls and
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Cost Management Skill: Unified skill for all Azure cost management tasks: querying historical costs, forecasting future spending, and optimizing to reduce waste.
Actually does
This skill primarily interacts with Azure Cost Management API endpoints via `az rest` to query historical costs and forecast spending. It also uses `az monitor metrics list` and `az resource list` for resource and metric data, and calls various `azure__` MCP tools for documentation, best practices, and compliance scans. It accesses Azure Cost Management API, Azure Monitor, and official Azure pricing pages.
Skill Info
Namemicrosoft/azure-skills/azure-cost
Registrygithub
Version992cd5d3a770
PURLpkg:github/microsoft/azure-skills@992cd5d3a770?skill=azure-cost
Stars849
Installs160,800
Source
SHA-256a158067f2b4f...
SHA-18ad6aec8478f...
MD533ffcef82882...
TLSH2bf1d8776d88...
ssdeep192:M6/P1+gY...
Size7,925 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Arbitrary Azure API Execution via `az rest`criticalcommand execution
The skill explicitly allows the use of `az rest` for making arbitrary HTTP requests to Azure APIs. This capability can be leveraged for unauthorized command execution, data exfiltration, resource modification, or deletion beyond the stated purpose.
100% confidenceline 116
`CLI | az rest`, `Best Practices | Use REST API for cost queries`, `--headers "ClientType=GitHubCopilotForAzure"`
Azure CLI Command Generation Capabilityhightool poisoning
The `azure__extension_cli_generate` tool can generate arbitrary Azure CLI commands based on user intent. This poses a significant risk if malicious intent is injected, potentially leading to the execution of unauthorized or harmful commands.
100% confidenceline 39
`MCP Tools | azure__extension_cli_generate | Generate Azure CLI commands | intent (Required): task description`
Semantic Constraints and Human Approval for Destructive Actionslowoversight evasion
The skill includes explicit 'DO NOT USE FOR' constraints and 'Safety Requirements' like 'Get approval before deleting resources,' indicating the agent's potential for destructive actions and reliance on human oversight, which could be targeted by social engineering or approval fatigue.
80% confidenceline 5
`description | DO NOT USE FOR: deploying resources...`, `Safety Requirements | Get approval before deleting resources`
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-cost)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-cost"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-cost.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-cost.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow