Azure Data Explorer (Kusto) Query & Analytics
View on GitHub↗70High
The skill allows arbitrary KQL queries and `az rest` commands, risking data exfiltration, DoS, and SSRF, while potentially impersonating Microsoft.
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Data Explorer (Kusto) Query & Analytics: Execute KQL queries and manage Azure Data Explorer resources for fast, scalable big data analytics on log, telemetry, and time series data.
Actually does
The skill utilizes specific Microsoft-provided tools (`kusto_cluster_list`, `kusto_database_list`, `kusto_query`, `kusto_table_schema_get`) to list Azure Data Explorer clusters and databases, retrieve table schemas, and execute KQL queries. It also includes a fallback mechanism using Azure CLI commands (`az kusto cluster list`, `az kusto database list`, `az kusto cluster show`, `az kusto database show`) and directly contacts Kusto REST API endpoints (`https://<cluster>.<region>.kusto.windows.net/v1/rest/query`) for query execution.
Skill Info
Namemicrosoft/github-copilot-for-azure/azure-kusto
Registrygithub
Version4081320c2592
PURLpkg:github/microsoft/github-copilot-for-azure@4081320c2592?skill=azure-kusto
Stars202
Installs154,000
Source
SHA-25657823a812888...
SHA-1480bd835e949...
MD52c11bbb4c4aa...
TLSHc202a595b644...
ssdeep192:F4CRj31q...
Size8,602 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
https://github.com/microsoft/github-copilot-for-azure/tree/main/skills/azure-kusto154,000 installs
Skills.shDocs
npx skills add https://github.com/microsoft/github-copilot-for-azureAssessments (2)
AI Agent Traps ↗Azure CLI 'az rest' command executionhighcommand execution
The skill explicitly uses the `az rest` command as a fallback for KQL queries. `az rest` is a general-purpose HTTP client, and if its URL or body parameters can be manipulated via prompt injection, it could lead to Server-Side Request Forgery (SSRF) or data exfiltration to arbitrary endpoints.
90% confidenceline 204
az rest --method post --url "https://<cluster>.<region>.kusto.windows.net/v1/rest/query" --body "{ \"db\": \"<database>\", \"csl\": \"<kql-query>\" }"KQL query execution for resource abuse/data exfiltrationmediumresource abuse
Both the `kusto_query` tool and the `az rest` fallback allow execution of arbitrary KQL queries. Maliciously crafted KQL queries could consume excessive Azure Data Explorer resources (DoS, increased costs) or extract sensitive data, which could then be exfiltrated if the agent's output is not properly controlled.
80% confidence
`kusto_query` tool, `az rest` command with `csl: "<kql-query>"`
Claimed author 'Microsoft' for trust manipulationinfoagent impersonation
The skill claims 'author: Microsoft'. If this skill is not genuinely published by Microsoft, this could be a form of persona manipulation to build trust and reduce scrutiny from users or other agents.
60% confidenceline 6
author: Microsoft
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-kusto)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-kusto"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-kusto.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-kusto.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow