This skill executes powerful cloud commands, but its reliance
Claims to do
Azure Deploy:
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
>
> **PREREQUISITE**: The **azure-validate** skill **MUST** be invoked and completed with status `Validated` BEFORE executing this skill.
Actually does
This skill reads a deployment plan from `.azure/deployment-plan.md` and executes Azure deployments. It runs `azd up`, `azd deploy`, `terraform apply`, and `az deployment` commands, utilizing MCP tools like `mcp_azure_mcp_azd` and `azure__role` to interact with Azure. It performs pre-deployment checks, RBAC health checks, and post-deployment verification, including querying Azure for provisioned roles and presenting `https://` endpoint URLs.
`npx skills add https://github.com/microsoft/github-copilot-for-azure`

The skill is explicitly designed to execute powerful Azure CLI, Terraform, and AZD commands, including `azd up`, `azd deploy`, `terraform apply`, and `az deployment`. These commands can make significant, destructive, or costly changes to cloud infrastructure.
This skill runs azd up, azd deploy, terraform apply, and az deployment commands with built-in error recovery. ... MCP Tools: mcp_azure_mcp_azd
The skill relies on several external markdown files (e.g., `Pre-Deploy Checklist`, `global-rules.md`, `recipes/README.md`) for instructions and rules. If these external references are not securely managed or can be modified by an attacker, they could be used to inject malicious instructions or bypass safety mechanisms.
Pre-deploy checklist required — [Pre-Deploy Checklist](references/pre-deploy-checklist.md) ... Load Recipe — Based on recipe.type in .azure/deployment-plan.md
While the skill states 'Destructive actions require `ask_user`', it also includes a step to run `azd provision --no-prompt`. This flag bypasses user interaction, which could be abused if the provision step leads to unintended resource creation or modification without explicit human approval.
⛔ Destructive actions require ask_user ... RBAC Health Check — For Container Apps + ACR with managed identity: run azd provision --no-prompt
The skill has access to tools for listing Azure subscriptions, resource groups, and role assignments (`mcp_azure_mcp_subscription_list`, `mcp_azure_mcp_group_list`, `azure__role`). While intended for verification, these tools can be used to enumerate cloud resources for malicious purposes.
MCP Tools: mcp_azure_mcp_subscription_list | mcp_azure_mcp_group_list | azure__role
The skill's execution flow, including which commands to run and their parameters ('Load Recipe'), is heavily dependent on the content of `.azure/deployment-plan.md`. If this file is compromised or manipulated, it can lead to arbitrary command execution or unintended infrastructure changes by bypassing validation checks.
Read .azure/deployment-plan.md, verify status = Validated ... Load Recipe — Based on recipe.type in .azure/deployment-plan.md
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.