70High
The skill's `az storage`
Behavior Analysis
Mismatch detected — The skill claims to support a wide range of Azure Storage services (Blob, File, Queue, Table, Data Lake) and lists their respective `az storage` CLI commands. However, the actual executable commands provided (both MCP and CLI fallback) are exclusively for Blob Storage operations.
Claims to do
Azure Storage Services: | Service | Use When | MCP Tools | CLI | |---------|----------|-----------|-----| | Blob Storage | Objects, files, backups, static content | `azure__storage` | `az storage blob` | | File Shares | SMB file shares, lift-and-shift | - | `az storage file` | | Queue Storage | Async messaging, task queues | - | `az storage queue` | | Table Storage | NoSQL key-value (consider Cosmos DB) | - | `az storage table` | | Data Lake | Big data analytics, hierarchical namespace | - | `az storage fs` |
Actually does
The skill executes `azure__storage` MCP commands or `az storage` CLI commands to list Azure storage accounts, containers, and blobs, and to upload or download blob content. It also provides documentation links for various Azure Storage services.
Skill Info
Namemicrosoft/github-copilot-for-azure/azure-storage
Registrygithub
Version4081320c2592
PURLpkg:github/microsoft/github-copilot-for-azure@4081320c2592?skill=azure-storage
Stars186
Installs103,300
Source
SHA-256f52a61e789f3...
SHA-1929db0f69de0...
MD5d1b6ef2b5b30...
TLSHf3a1554d1e52...
ssdeep96:ilCDD9zHM...
Size4,718 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
https://github.com/microsoft/github-copilot-for-azure/tree/main/skills/azure-storage103,300 installs
Skills.shDocs
npx skills add https://github.com/microsoft/github-copilot-for-azure --skill azure-storageAssessments (2)
AI Agent Traps ↗Direct Azure CLI Command Executionhighcommand execution
The skill provides direct `az storage` CLI commands as a fallback. If an agent is prompted to use these commands with attacker-controlled inputs, it could lead to arbitrary command execution, data exfiltration, or reconnaissance on the host system where the CLI is installed and configured. This bypasses potentially safer, abstracted MCP commands.
100% confidenceline 35
```bash # List storage accounts az storage account list --output table ... # Download blob az storage blob download --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH ```
Description Mismatchmediumdescription mismatch
The skill claims to support a wide range of Azure Storage services (Blob, File, Queue, Table, Data Lake) and lists their respective `az storage` CLI commands. However, the actual executable commands provided (both MCP and CLI fallback) are exclusively for Blob Storage operations.
85% confidenceline 19
The 'Services' table lists `az storage file`, `az storage queue`, `az storage table`, `az storage fs` but these are not implemented in the 'MCP Server (Preferred)' or 'CLI Fallback' sections. Only `az storage blob` commands are present for execution.
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-storage)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-storage"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-storage.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-storage.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow