Azure Data Explorer (Kusto) Query & Analytics

Name: azure-skills/azure-kusto
Author: microsoft

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill permits arbitrary Azure API calls

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Azure Data Explorer (Kusto) Query & Analytics: Execute KQL queries and manage Azure Data Explorer resources for fast, scalable big data analytics on log, telemetry, and time series data.

Actually does

This skill uses internal `kusto_` tools and Azure CLI commands (`az kusto`, `az rest`) to list Azure Data Explorer clusters and databases, retrieve table schemas, and execute KQL queries against specified Kusto databases. It accesses log, telemetry, and time series data stored within Azure Data Explorer.

Threat Analysis

AI Agent Traps ↗Scanned 4/14/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemicrosoft/azure-skills/azure-kusto

Registrygithub

Version3d8788273dee

PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-kusto

Stars633

Installs174,400

Source

Repository ↗SKILL.md ↗

SHA-25657823a812888...

SHA-1480bd835e949...

MD52c11bbb4c4aa...

TLSHc202a595b644...

ssdeep192:F4CRj31q...

Size8,602 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/microsoft/azure-skills/tree/main/skills/azure-kusto

174,400 installs

Claude CodeDocs

/plugin marketplace add microsoft/azure-skills

/plugin install azure-kusto@microsoft/azure-skills

Gemini CLIDocs

gemini extensions install https://github.com/microsoft/azure-skills.git --consent

Skills.shDocs

npx skills add https://github.com/microsoft/azure-skills --skill azure-kusto

Assessments (2)

AI Agent Traps ↗

Arbitrary Azure REST API Calls via az restcriticalcommand execution

The skill explicitly allows the agent to execute `az rest` commands as a fallback. This command enables arbitrary HTTP requests to any Azure REST API endpoint, posing a significant risk for data exfiltration, resource manipulation, or unauthorized actions beyond the stated Kusto query purpose.

100% confidenceline 204

az rest --method post \
  --url "https://<cluster>.<region>.kusto.windows.net/v1/rest/query" \
  --body "{ \"db\": \"<database>\", \"csl\": \"<kql-query>\" }"

Oversight Evasion Framing of az rest Capabilitylowoversight evasion

The powerful `az rest` command, which allows arbitrary Azure API interaction, is presented as a 'Fallback Strategy' specifically for Kusto queries. This framing might downplay its broader capabilities and potential for abuse to human overseers.

80% confidence

Fallback Strategy: Azure CLI Commands section, specifically the `az rest` example.

Dependencies (1)

azure.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-kusto.svg)](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-kusto)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-kusto"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-kusto.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-kusto.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow