100Critical
This skill executes powerful cloud commands and is vulnerable to
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Deploy: > **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE** > > **PREREQUISITE**: The **azure-validate** skill **MUST** be invoked and completed with status `Validated` BEFORE executing this skill.
Actually does
This skill reads `.azure/deployment-plan.md` to verify a `Validated` status and then executes Azure deployments. It runs commands such as `azd up`, `azd deploy`, `terraform apply`, `az deployment`, and `azd provision`. It also utilizes internal `mcp_azure_mcp_subscription_list`, `mcp_azure_mcp_group_list`, `mcp_azure_mcp_azd`, and `azure__role` tools for pre-checks, execution, and post-verification, and presents `https://` endpoint URLs.
Skill Info
Namemicrosoft/azure-skills/azure-deploy
Registrygithub
Version3d8788273dee
PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-deploy
Stars633
Installs174,700
Source
SHA-256ff039d9c7f65...
SHA-1557245bf33c8...
MD503bf16c5ec7f...
TLSH95d1619a7b56...
ssdeep192:pfuQK+VU...
Size6,633 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (3)
AI Agent Traps ↗Command Execution via Cloud CLI Toolscriticalcommand execution
The skill is designed to execute powerful cloud infrastructure commands (`azd up`, `azd deploy`, `terraform apply`, `az deployment`) which can create, modify, or delete resources. This is a core capability with high potential for abuse if inputs are compromised.
100% confidenceline 3
This skill runs azd up, azd deploy, terraform apply, and az deployment commands... MCP Tools: `mcp_azure_mcp_azd`
RAG Poisoning / Supply Chain via External Fileshighrag poisoning
The skill's execution logic, including commands and parameters, is heavily dependent on external files like `.azure/deployment-plan.md` and 'recipes'. Compromise of these files could lead to arbitrary command execution or deployment of malicious infrastructure.
100% confidenceline 61
Read `.azure/deployment-plan.md`, verify status... Load Recipe — Based on `recipe.type` in `.azure/deployment-plan.md`... Execute Deploy — Follow recipe steps
Potential for Human Social Engineering via Output URLsmediumhuman social engineering
The skill reports deployed endpoint URLs to the user. If the underlying deployment or the source of these URLs is compromised, the agent could present malicious or phishing URLs to the human overseer.
80% confidenceline 77
Report Results — Present deployed endpoint URLs to the user as fully-qualified `https://` links
Dependencies (1)
azure.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-deploy)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-deploy"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-deploy.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-deploy.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow