Azure Resource Visualizer - Architecture Diagram Generator
View on GitHub↗70High
The skill grants broad Azure CLI access, risking resource modification
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Resource Visualizer - Architecture Diagram Generator: A user may ask for help understanding how individual resources fit together, or to create a diagram showing their relationships. Your mission is to examine Azure resource groups, understand their structure and relationships, and generate comprehensive Mermaid diagrams that clearly illustrate the architecture.
Actually does
This skill uses Azure MCP tools and the `az` CLI to list Azure resource groups, query all resources within a selected group, and analyze their configurations and interdependencies. It then generates a detailed Mermaid architecture diagram and a comprehensive markdown file (`[resource-group-name]-architecture.md`) summarizing the architecture, resource inventory, and relationships.
Skill Info
Namemicrosoft/github-copilot-for-azure/azure-resource-visualizer
Registrygithub
Version4081320c2592
PURLpkg:github/microsoft/github-copilot-for-azure@4081320c2592?skill=azure-resource-visualizer
Stars202
Installs154,000
Source
SHA-256c5440652a595...
SHA-1cf70a6d38d2c...
MD538334408f619...
TLSH5e026043aa19...
ssdeep192:Ev+WTdQ8...
Size8,265 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Skills.shDocs
npx skills add https://github.com/microsoft/github-copilot-for-azureAssessments (2)
AI Agent Traps ↗Command Execution via Azure CLI (az)highcommand execution
The skill explicitly instructs the agent to use the `az` (Azure CLI) tool for resource discovery and analysis. While the examples provided are read-only, this grants the agent the capability to execute arbitrary `az` commands, which could be exploited for resource modification, deletion, creation, or data exfiltration if the underlying execution environment has sufficient permissions.
100% confidenceline 28
If you do not have a tool for this, use `az`. Use Azure CLI for complex queries not available via MCP. Example: `az resource list --resource-group <name> --output json`
Reliance on Local Files for RAG/Templateslowrag poisoning
The skill references local markdown files (`references/azure-resource-graph.md`, `assets/template-architecture.md`, `assets/example-diagram.md`) for guidance and templates. If these files are compromised in the skill's deployment, they could be used to inject malicious instructions or examples into the agent's knowledge base or output generation process.
70% confidenceline 40
[Azure Resource Graph Queries](references/azure-resource-graph.md) See [example-diagram.md](./assets/example-diagram.md) Use [template-architecture.md](./assets/template-architecture.md)
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-resource-visualizer)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-resource-visualizer"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-resource-visualizer.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-resource-visualizer.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow