This skill grants broad command execution, exposes sensitive configuration
Claims to do
Microsoft Foundry Skill: This skill helps developers work with Microsoft Foundry resources, covering model discovery and deployment, the complete development lifecycle of AI agents, evaluation workflows, and troubleshooting.
Actually does
This skill orchestrates Microsoft Foundry operations by calling Azure MCP tools, `azd` commands, and potentially Docker/ACR commands. It accesses local configuration files like `.foundry/agent-metadata.yaml` and `azure.yaml`, interacts with Azure AI Foundry project endpoints, Azure Container Registry, and Azure services like App Insights for deployment, invocation, observation, and troubleshooting of AI agents. It also downloads samples from `github.com/azure-ai-foundry/foundry-samples`.
`npx skills add https://github.com/microsoft/github-copilot-for-azure`
The skill explicitly uses `azd env get-values` and Azure CLI for resource creation, and implicitly performs container operations (build, push to ACR). This grants the agent broad command execution capabilities in the underlying system or cloud environment, which could be exploited for arbitrary code execution or system compromise.
run `azd env get-values` and use it to seed `agent-metadata.yaml`... Creating Azure AI Services multi-service resource (Foundry resource) using Azure CLI... Containerize, build, push to ACR
The skill reads and resolves sensitive configuration values like project endpoints, ACR registries, and Azure subscription IDs from local files (`agent-metadata.yaml`) and system commands (`azd env get-values`). It also accesses traces, logs, and RBAC information, posing a significant risk of sensitive data exposure or exfiltration if the agent is compromised.
`agent-metadata.yaml` is the required source of truth for environment-specific project settings, agent names, registry details... run `azd env get-values` and use it to seed `agent-metadata.yaml`... Query traces, analyze latency/failures... Managing RBAC permissions
The skill explicitly uses the `task` or `runSubagent` tool to delegate sub-tasks. This capability can be abused to launch attacker-controlled sub-agents, potentially leading to compositional attacks, privilege escalation, or uncontrolled execution if not properly sandboxed or if sub-agent prompts are manipulated.
Use the `task` or `runSubagent` tool to delegate long-running or independent sub-tasks
The skill performs resource-intensive cloud operations such as containerizing, building, and pushing images to ACR, and managing quotas. Malicious invocation or repeated execution of these operations could lead to excessive resource consumption, denial of service, or unexpected cloud costs.
Containerize, build, push to ACR... Managing quotas and capacity for Microsoft Foundry resources.
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/microsoft/github-copilot-for-azure/microsoft-foundry