The skill risks agent compromise via external content, KQL
Claims to do
Azure Diagnostics:
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
>
> This document is the **official source** for debugging and troubleshooting Azure production issues. Follow these instructions to diagnose and resolve common Azure service problems systematically.
Actually does
This skill uses Azure CLI (`az`) and internal Microsoft Copilot (MCP) tools (`mcp_azure_mcp_applens`, `mcp_azure_mcp_monitor`, `mcp_azure_mcp_resourcehealth`) to check Azure resource health, view activity logs, query application logs (Container Apps, Function Apps via App Insights), and analyze metrics using KQL. It provides commands to interact with Azure resources for diagnostic purposes.
npx skills add https://github.com/microsoft/github-copilot-for-azure

The skill relies on external Markdown files for detailed troubleshooting guides and KQL queries. If these linked files are compromised, they could introduce malicious instructions, poison the agent's knowledge base, or lead to unintended actions.
[container-apps/](references/container-apps/README.md)
The `mcp_azure_mcp_monitor` tool allows execution of arbitrary KQL queries. A malicious or overly complex query could be crafted to consume excessive resources, leading to performance degradation or denial of service on the Azure Monitor backend.
query: "<KQL-query>"
The skill uses highly authoritative language ('AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE', 'official source') to direct the agent's reasoning. While intended to ensure adherence to official procedures, such framing could potentially be used to bypass alternative reasoning paths or critical thinking.
> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**