70High
The skill enables arbitrary file operations and Azure
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Azure Storage Services: | Service | Use When | MCP Tools | CLI | |---------|----------|-----------|-----| | Blob Storage | Objects, files, backups, static content | `azure__storage` | `az storage blob` | | File Shares | SMB file shares, lift-and-shift | - | `az storage file` | | Queue Storage | Async messaging, task queues | - | `az storage queue` | | Table Storage | NoSQL key-value (consider Cosmos DB) | - | `az storage table` | | Data Lake | Big data analytics, hierarchical namespace | - | `az storage fs` |
Actually does
This skill uses the `azure__storage` MCP tool or the `az` Azure CLI to interact with Azure Storage. It can list storage accounts, containers, and blobs, and allows for uploading and downloading blob content. It also provides informational content about Azure Storage services, account/blob tiers, and redundancy options, along with links to documentation and SDK references.
Skill Info
Namemicrosoft/github-copilot-for-azure/azure-storage
Registrygithub
Version771a66600a0c
PURLpkg:github/microsoft/github-copilot-for-azure@771a66600a0c?skill=azure-storage
Stars202
Installs154,200
Source
SHA-256c4de133f440b...
SHA-1626395997bb7...
MD554289b8aa132...
TLSHe8a1474d2e52...
ssdeep96:il04DDu0H...
Size4,910 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Skills.shDocs
npx skills add https://github.com/microsoft/github-copilot-for-azureAssessments (1)
AI Agent Traps ↗Arbitrary File Operations via Azure CLIhighcommand execution
The skill provides Azure CLI commands for downloading and uploading blobs, which involve specifying a `LOCAL_PATH`. If the AI agent is allowed to execute these commands with arbitrary or attacker-controlled paths, it could lead to data exfiltration from the agent's environment or arbitrary file writes, potentially for malware delivery or resource abuse.
90% confidenceline 40
az storage blob download --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH az storage blob upload --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH
Cloud Resource Reconnaissance via Azure CLImediumreconnaissance
The skill exposes Azure CLI commands to list storage accounts, containers, and blobs. If an AI agent executes these commands, it could be used for reconnaissance to map out cloud resources, which is a common precursor to more targeted attacks.
80% confidenceline 34
az storage account list --output table az storage container list --account-name ACCOUNT --output table az storage blob list --account-name ACCOUNT --container-name CONTAINER --output table
Version History (2)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-storage)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/azure-storage"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-storage.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/github-copilot-for-azure/azure-storage.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow