70High
This skill can provision, modify, destroy, and
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Enterprise Infra Planner: Activate this skill when user wants to: - Plan enterprise Azure infrastructure from a workload or architecture description - Architect a landing zone, hub-spoke network, or multi-region topology - Design networking infrastructure: VNets, subnets, firewalls, private endpoints, VPN gateways - Plan identity, RBAC, and compliance-driven infrastructure - Generate Bicep or Terraform for subscription-scope or multi-resource-group deployments - Plan disaster recovery, failover, or cross-region high-availability topologies
Actually does
This skill utilizes internal MCP tools to search and retrieve Azure best practices, Well-Architected Framework guides, Microsoft Learn documentation, and Bicep schemas. It then generates infrastructure-as-code (IaC) plans, which can be validated and deployed using Azure CLI commands (`az deployment group create`, `az bicep build`, `az resource list`) and Terraform CLI commands (`terraform init`, `terraform plan`, `terraform validate`, `terraform apply`).
Skill Info
Namemicrosoft/azure-skills/azure-enterprise-infra-planner
Registrygithub
Version992cd5d3a770
PURLpkg:github/microsoft/azure-skills@992cd5d3a770?skill=azure-enterprise-infra-planner
Stars849
Installs212,700
Source
SHA-256e8c1a164643f...
SHA-165babf524d57...
MD545065896bd91...
TLSH8381e84b6c26...
Size4,000 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (1)
AI Agent Traps ↗Destructive Infrastructure Deployment Commandshighcommand execution
The skill explicitly uses `az deployment group create` and `terraform apply` commands, enabling it to provision, modify, and destroy Azure infrastructure. This capability, while core to its function, poses a high risk if misused by a compromised agent.
100% confidenceline 27
`az deployment group create`, `terraform apply`
Azure Resource Enumeration Capabilitylowreconnaissance
The skill utilizes the `az resource list` command, allowing it to enumerate existing Azure resources. While necessary for infrastructure planning, this capability could be leveraged for reconnaissance in a compromised scenario.
100% confidenceline 27
`az resource list`
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-enterprise-infra-planner)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-enterprise-infra-planner"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-enterprise-infra-planner.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-enterprise-infra-planner.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow