The skill allows arbitrary KQL query execution and reconnaissance
Claims to do
Azure Data Explorer (Kusto) Query & Analytics: Execute KQL queries and manage Azure Data Explorer resources for fast, scalable big data analytics on log, telemetry, and time series data.
Actually does
This skill uses Microsoft Common Platform (MCP) tools (`kusto_cluster_list`, `kusto_database_list`, `kusto_query`, `kusto_table_schema_get`) to interact with Azure Data Explorer. It executes KQL queries against specified Kusto databases to retrieve and analyze log, telemetry, and time series data, and can also list clusters, databases, and retrieve table schemas. As a fallback, it can use Azure CLI commands (`az kusto`, `az rest`) to achieve similar functionality by contacting Kusto cluster REST API endpoints.
npx skills add https://github.com/microsoft/github-copilot-for-azure
The skill explicitly allows executing arbitrary KQL queries via the `kusto_query` tool and as a fallback using `az rest`. This capability can be abused to exfiltrate sensitive data from Azure Data Explorer, consume excessive resources, or perform unauthorized data access.
`kusto_query` tool, `az rest --method post --url "https://<cluster>.<region>.kusto.windows.net/v1/rest/query" --body "{ \"db\": \"<database>\", \"csl\": \"<kql-query>\" }"`
The skill provides tools (`kusto_cluster_list`, `kusto_database_list`, `kusto_table_schema_get`) and Azure CLI fallbacks to list clusters, databases, and retrieve table schemas. While part of the skill's legitimate function, this offers significant reconnaissance capabilities that could be exploited by an attacker to map out the data environment.
`kusto_cluster_list`, `kusto_database_list`, `kusto_table_schema_get`, `az kusto cluster list`, `az kusto database list`
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.