100Critical
This skill executes arbitrary commands,
Behavior Analysis
Mismatch detected — The skill claims to 'handle automated upgrades' but the actual upgrade execution logic (creating resources, migrating settings, deploying code) is not contained within the skill's definition. Instead, it refers to external 'automated upgrade steps' and 'automation scripts', making the skill primarily an orchestrator and assessor rather than the direct executor of the upgrade.
Claims to do
Azure Upgrade: > This skill handles **assessment and automated upgrades** of existing Azure workloads from one Azure service, hosting plan, or SKU to another — all within Azure. This includes plan/tier upgrades (e.g. Consumption → Flex Consumption), cross-service migrations (e.g. App Service → Container Apps), and SKU changes. This is NOT for cross-cloud migration — use `azure-cloud-migrate` for that.
Actually does
This skill orchestrates Azure workload assessments and upgrades by identifying source/target plans, assessing readiness using scenario references, and collecting configurations. It utilizes `mcp_azure_mcp_get_bestpractices`, `mcp_azure_mcp_documentation`, `mcp_azure_mcp_appservice`, and `mcp_azure_mcp_applicationinsights` tools for information gathering and verification. The actual upgrade execution (creating resources, migrating settings, deploying code) is delegated to unspecified 'automated upgrade steps' and 'automation scripts' referenced externally.
Skill Info
Namemicrosoft/azure-skills/azure-upgrade
Registrygithub
Version3d8788273dee
PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-upgrade
Stars849
Installs255,400
Source
SHA-2562536897212a3...
SHA-107509275da2c...
MD5c25c782260a4...
TLSHfa8113497d42...
Size4,033 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (4)
AI Agent Traps ↗Command Execution via Automation Scriptscriticalcommand execution
The skill explicitly states it will 'Execute the automated upgrade steps' and references 'Automation Scripts'. This capability allows for arbitrary command execution, which could lead to data exfiltration, resource abuse, or system compromise if the scripts are malicious or exploited.
90% confidenceline 56
Execute the automated upgrade steps (create new resources, migrate settings, deploy code), Automation Scripts (references/services/functions/automation.md)
Reliance on External MCP Toolsmediumtool poisoning
The skill relies on several 'mcp_azure_mcp_*' tools whose implementations are not provided. If these tools are compromised, or if the skill passes unsanitized user input to them, it could lead to tool poisoning, unintended actions, or vulnerabilities.
70% confidenceline 28
Use `mcp_azure_mcp_get_bestpractices` and `mcp_azure_mcp_documentation` MCP tools, MCP Tools table
Collection of Sensitive Configuration Datamediumdata exfiltration
The skill explicitly collects 'settings, identities, configs from the existing app' during the pre-migrate phase. This involves accessing potentially sensitive information, which, if not handled securely, could be vulnerable to data exfiltration or credential theft.
70% confidenceline 55
Collect settings, identities, configs from the existing app
External Markdown Files for Instructions/RAGhighrag poisoning
The skill loads multiple external markdown files (.md) for rules, scenarios, and automation details. These files can be used to inject hidden instructions, manipulate the agent's reasoning, or poison its RAG/knowledge base, potentially leading to unintended or malicious actions.
80% confidenceline 38
Load the scenario reference and follow its rules, [consumption-to-flex.md](references/services/functions/consumption-to-flex.md), [global-rules](references/global-rules.md)
Chaining to Other Skillslowsub agent spawning
The skill is designed to hand off to 'azure-validate' or 'azure-deploy' for further actions. This chaining pattern introduces a dependency on the security and trustworthiness of these downstream skills, which could lead to systemic vulnerabilities if they are compromised.
60% confidenceline 74
Hand off to `azure-validate` for deep validation or `azure-deploy` for CI/CD setup
Description Mismatchinfodescription mismatch
The skill claims to 'handle automated upgrades' but the actual upgrade execution logic (creating resources, migrating settings, deploying code) is not contained within the skill's definition. Instead, it refers to external 'automated upgrade steps' and 'automation scripts', making the skill primarily an orchestrator and assessor rather than the direct executor of the upgrade.
85% confidenceline 56
The 'Upgrade' step states 'Execute the automated upgrade steps (create new resources, migrate settings, deploy code)' and 'References' section lists 'Automation Scripts' without providing their content.
Version History (2)
Dependencies (1)
azure.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-upgrade)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-upgrade"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-upgrade.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-upgrade.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow