Security risk report for @forgecat/microsoft-azure_skills-appinsights-instrumentation v0.0.4
Source Integrity
Low
Profile is sourced from Microsoft's official azure-skills repository (https://github.com/microsoft/azure-skills), a trusted first-party source.
Metadata clearly attributes authorship to Microsoft with MIT license and version tracking.
Agent Intent
Low
Content is purely instructional guidance for Azure Application Insights instrumentation—no hidden directives to manipulate the AI, read credentials, or exfiltrate data.
References to environment variables and Azure CLI are legitimate configuration steps, not instructions to the agent to access or leak secrets.
No prompt injection, role hijacking, system prompt leakage, or guidance poisoning detected; all SDK recommendations (azure-monitor-opentelemetry packages) are legitimate Microsoft-published libraries.
Details
Evidence
Profile explicitly states 'This skill provides reference material' and delegates actual modifications to azure-prepare skill.
All code examples show standard, well-known Azure SDK setup patterns with no obfuscation or malicious intent.
Best practices sections recommend secure patterns (AAD authentication, offline storage, structured logging) consistent with Azure security guidance.
Permissions
Low
No tools or hooks are declared in the profile; it is purely markdown guidance and reference material.
The skill explicitly defers to azure-prepare for any actual code modifications or component additions, maintaining separation of concerns.
Details
Evidence
Declared tools section is empty; no shell, file_write, file_delete, or other high-risk categories requested.
Profile states 'If the user wants to add App Insights to their app, invoke azure-prepare instead. This skill provides reference material.'
MCP Risk
Low
No MCP servers are defined in the profile; it contains only markdown documentation and code examples.
No binary execution, network access, or filesystem operations are configured.
Details
Evidence
MCP servers section is empty; no tool definitions or external integrations declared.