The skill can execute arbitrary code, deploy malicious resources,
Claims to do
Azure Upgrade:
> This skill handles **assessment and automated upgrades** of existing Azure workloads from one Azure service, hosting plan, or SKU to another — all within Azure. This includes plan/tier upgrades (e.g. Consumption → Flex Consumption), cross-service migrations (e.g. App Service → Container Apps), and SKU changes. This is NOT for cross-cloud migration — use `azure-cloud-migrate` for that.
Actually does
This skill uses `mcp_azure_mcp_` prefixed tools to query Azure App Service/Functions details, Application Insights, and retrieve Azure documentation/best practices. It orchestrates an upgrade process for Azure Function apps, involving creating new resources, migrating configurations, deploying code, and validating the new app by making HTTP requests to its URL.
The skill explicitly states it will 'Execute the automated upgrade steps' and 'deploy code'. This capability can be abused to run arbitrary commands or deploy malicious code if not properly sandboxed and validated.
Execute the automated upgrade steps (create new resources, migrate settings, deploy code)
The skill lists several 'mcp_azure_mcp_*' tools without detailing their implementation or full capabilities. These tools could potentially execute arbitrary commands or access sensitive resources beyond their stated purpose, posing a significant risk.
mcp_azure_mcp_get_bestpractices, mcp_azure_mcp_documentation, mcp_azure_mcp_appservice, mcp_azure_mcp_applicationinsights
The 'Pre-migrate' step involves collecting sensitive information such as 'settings, identities, configs from the existing app'. If this data is not handled securely, it could be exfiltrated.
Collect settings, identities, configs from the existing app
The 'Upgrade' step includes 'create new resources'. If not properly constrained or monitored, this could lead to unintended resource consumption, excessive billing, or denial-of-service.
create new resources
The skill heavily relies on external markdown files for rules and scenarios (e.g., 'global-rules.md', 'consumption-to-flex.md'). If these files are not securely managed, they could be manipulated to contain hidden instructions or alter the agent's understanding and behavior.
Load the scenario reference and follow its rules, [consumption-to-flex.md], [Global Rules]
The skill claims to handle broad Azure workload upgrades across various services and plans, but the provided 'Upgrade Scenarios' and detailed references are exclusively for Azure Functions Consumption to Flex Consumption plan upgrades. While general tools are listed, the concrete implementation details are limited to this specific Function App scenario, suggesting a narrower immediate scope than advertised.
Claimed: 'assessment and automated upgrades of existing Azure workloads from one Azure service, hosting plan, or SKU to another'. Actual: Only one specific 'Upgrade Scenario' listed: 'Azure Functions Consumption Plan' to 'Azure Functions Flex Consumption Plan' with corresponding references.
The skill is designed to hand off to other skills ('azure-validate', 'azure-deploy'). In a multi-agent system, this introduces systemic risks if downstream skills are compromised or misused, potentially leading to cascading failures or unintended actions.
Hand off to azure-validate for deep validation or azure-deploy for CI/CD setup
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.