70High
This Azure diagnostics skill is vulnerable to command injection via
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Diagnostics: > **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE** > > This document is the **official source** for debugging and troubleshooting Azure production issues. Follow these instructions to diagnose and resolve common Azure service problems systematically.
Actually does
This skill utilizes Azure CLI commands (`az`) to check resource health, view activity logs, and retrieve logs for Container Apps and Function Apps. It also invokes internal Microsoft Copilot (MCP) tools (`mcp_azure_mcp_applens`, `mcp_azure_mcp_monitor`, `mcp_azure_mcp_resourcehealth`) to perform AI-powered diagnostics, query logs, and check resource health within Azure. It references local markdown files for detailed troubleshooting guides.
Skill Info
Namemicrosoft/azure-skills/azure-diagnostics
Registrygithub
Version3d8788273dee
PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-diagnostics
Stars633
Installs174,600
Source
SHA-256b7a3c219d340...
SHA-1091e95c344ff...
MD50acf476d05bf...
TLSH7e91c60a7e51...
ssdeep48:oEX09+X6i...
Size4,529 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Claude CodeDocs
/plugin marketplace add microsoft/azure-skills/plugin install azure-diagnostics@microsoft/azure-skills
Gemini CLIDocs
gemini extensions install https://github.com/microsoft/azure-skills.git --consent
Skills.shDocs
npx skills add https://github.com/microsoft/azure-skills --skill azure-diagnosticsAssessments (2)
AI Agent Traps ↗Parameter Injection in External Commands and Toolshighcommand execution
The skill provides examples of `az CLI` commands and `mcp_azure_mcp_` tool calls that accept parameters (e.g., `RESOURCE_ID`, `RG`, `APP`, `KQL-query`). If these parameters are populated directly from unsanitized user input, an attacker could inject malicious commands or queries, leading to arbitrary command execution, data exfiltration, or resource manipulation.
90% confidenceline 70
az resource show --ids RESOURCE_ID
mcp_azure_mcp_applens
intent: "diagnose issues with <resource-name>"
command: "diagnose"
parameters:
resourceId: "<resource-id>"Supply Chain Risk from External Referencesmediumsupply chain
The skill references multiple external Markdown files (e.g., `references/container-apps/README.md`, `aks-troubleshooting/aks-troubleshooting.md`, `references/kql-queries.md`). If these external resources are compromised or contain malicious content, they could inject harmful instructions or data into the agent's operational context, leading to a supply chain attack.
80% confidenceline 54
| **Container Apps** | Image pull failures, cold starts, health probes, port mismatches | [container-apps/](references/container-apps/README.md) | See [kql-queries.md](references/kql-queries.md) for common diagnostic queries.
Dependencies (1)
azure.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-diagnostics)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-diagnostics"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-diagnostics.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-diagnostics.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow