The skill permits arbitrary Azure API calls
Claims to do
Azure Data Explorer (Kusto) Query & Analytics: Execute KQL queries and manage Azure Data Explorer resources for fast, scalable big data analytics on log, telemetry, and time series data.
Actually does
This skill uses internal `kusto_` tools and Azure CLI commands (`az kusto`, `az rest`) to list Azure Data Explorer clusters and databases, retrieve table schemas, and execute KQL queries against specified Kusto databases. It accesses log, telemetry, and time series data stored within Azure Data Explorer.
The skill explicitly allows the agent to execute `az rest` commands as a fallback. This command enables arbitrary HTTP requests to any Azure REST API endpoint, posing a significant risk for data exfiltration, resource manipulation, or unauthorized actions beyond the stated Kusto query purpose.
az rest --method post \
--url "https://<cluster>.<region>.kusto.windows.net/v1/rest/query" \
--body "{ \"db\": \"<database>\", \"csl\": \"<kql-query>\" }"The powerful `az rest` command, which allows arbitrary Azure API interaction, is presented as a 'Fallback Strategy' specifically for Kusto queries. This framing might downplay its broader capabilities and potential for abuse to human overseers.
Fallback Strategy: Azure CLI Commands section, specifically the `az rest` example.
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-kusto)<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-kusto"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-kusto.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-kusto.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.