The skill risks command injection from unsanitized
Claims to do
Microsoft Foundry Skill: This skill helps developers work with Microsoft Foundry resources, covering model discovery and deployment, the complete dev lifecycle of AI agents, evaluation workflows, and troubleshooting.
Actually does
This skill orchestrates interactions with Microsoft Foundry resources, reading configuration from `.foundry/agent-metadata.yaml` and `azure.yaml`. It uses `azd env get-values` for bootstrapping, and leverages various Microsoft Cloud Platform (MCP) tools and potentially Azure CLI for tasks like Docker builds, ACR pushes, agent deployment, invocation, observation, and troubleshooting. It accesses container logs, telemetry, and App Insights for diagnostics and evaluation, and can download samples from `github.com/azure-ai-foundry/foundry-samples`.
The skill explicitly uses Azure CLI for resource creation and environment variable retrieval. If parameters for these commands are derived from unsanitized user input, it could lead to command injection.
resource/create: Creating Azure AI Services multi-service resource (Foundry resource) using Azure CLI... If found, run azd env get-values and use it to seed agent-metadata.yaml
The skill provides access to sensitive operational data like traces, container logs, telemetry, quotas, and RBAC permissions, which could be exploited for reconnaissance if the agent is compromised.
Query traces, analyze latency/failures... View container logs, query telemetry, diagnose failures Managing quotas and capacity... Managing RBAC permissions, role assignments...
The skill allows delegating tasks to sub-agents using `task` or `runSubagent` tools. While a legitimate feature, this capability could be abused if sub-agent prompts are attacker-controlled.
Use the task or runSubagent tool to delegate long-running or independent sub-tasks
The skill relies on mutable local files like `agent-metadata.yaml` and allows harvesting production traces into evaluation datasets, which could be vectors for RAG or memory poisoning if an attacker can inject into these sources.
agent-metadata.yaml is the required source of truth for environment-specific project settings... eval-datasets: Harvest production traces into evaluation datasets
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/microsoft-foundry