The skill performs cloud reconnaissance and is vulnerable to supply chain
Claims to do
Azure Kubernetes Service:
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
>
> This skill produces a **recommended AKS cluster configuration** based on user requirements, distinguishing **Day-0 decisions** (networking, API server — hard to change later) from **Day-1 features** (can enable post-creation). See [CLI reference](./references/cli-reference.md) for commands.
Actually does
This skill primarily uses `mcp_azure_mcp_aks` to discover and interact with Azure Kubernetes Service (AKS) specific tools, falling back to Azure CLI commands like `az aks create`, `az aks show`, `kubectl get`, and `kubectl describe`. It accesses Azure subscription and resource group information via `az account show` / `az account list` and references Microsoft Learn documentation for guidance.
Cloud identity probing — discovers cloud account identity or queries instance metadata
az account show
The skill dynamically discovers and uses MCP tools. If the MCP server or the tools it surfaces are compromised, this mechanism could lead to the execution of malicious tools, representing a supply chain risk.
Rules: ...discover the exact AKS-specific MCP tools surfaced by the client. Choose the smallest discovered AKS tool...
The skill explicitly uses `az account show` and `az account list` for subscription and resource scope discovery. While intended for legitimate context resolution, these commands can be used for enumerating cloud resources.
Guardrails / Safety: ...Discover subscription and resource scope via MCP tools... or `az account show` / `az account list`...
The skill loads content from local markdown reference files (e.g., `azure-aks-rightsizing.md`). If these files are tampered with, they could inject malicious instructions or data into the agent's RAG context, influencing its reasoning or actions.
| Pod Rightsizing | ... | [azure-aks-rightsizing.md](./references/azure-aks-rightsizing.md) |
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.