The skill's `az storage`
Claims to do
Azure Storage Services:

| Service | Use When | MCP Tools | CLI |
|---------|----------|-----------|-----|
| Blob Storage | Objects, files, backups, static content | `azure__storage` | `az storage blob` |
| File Shares | SMB file shares, lift-and-shift | - | `az storage file` |
| Queue Storage | Async messaging, task queues | - | `az storage queue` |
| Table Storage | NoSQL key-value (consider Cosmos DB) | - | `az storage table` |
| Data Lake | Big data analytics, hierarchical namespace | - | `az storage fs` |
Actually does
The skill executes `azure__storage` MCP commands or `az storage` CLI commands to list Azure storage accounts, containers, and blobs, and to upload or download blob content. It also provides documentation links for various Azure Storage services.
```bash
npx skills add https://github.com/microsoft/github-copilot-for-azure --skill azure-storage
```

The skill provides direct `az storage` CLI commands as a fallback. If an agent is prompted to use these commands with attacker-controlled inputs, it could lead to arbitrary command execution, data exfiltration, or reconnaissance on the host system where the CLI is installed and configured. This bypasses potentially safer, abstracted MCP commands.
```bash
# List storage accounts
az storage account list --output table
...
# Download blob
az storage blob download --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH
```
The skill claims to support a wide range of Azure Storage services (Blob, File, Queue, Table, Data Lake) and lists their respective `az storage` CLI commands. However, the actual executable commands provided (both MCP and CLI fallback) are exclusively for Blob Storage operations.
The 'Services' table lists `az storage file`, `az storage queue`, `az storage table`, `az storage fs` but these are not implemented in the 'MCP Server (Preferred)' or 'CLI Fallback' sections. Only `az storage blob` commands are present for execution.