Security risk report for @forgecat/microsoft-azure_skills-azure-compliance v0.0.4
Source Integrity
Low
Profile is attributed to Microsoft and references the official azure-skills GitHub repository (https://github.com/microsoft/azure-skills), which is a legitimate Microsoft-maintained project.
All external references (Azure documentation, Microsoft Learn, Azure Proactive Resiliency Library) point to official Microsoft and Azure resources.
No typosquatted packages, attacker-controlled repositories, or suspicious third-party dependencies are introduced.
Agent Intent
Low
Content is purely educational and instructional documentation for Azure compliance auditing, Key Vault expiration monitoring, and remediation patterns—no hidden directives to manipulate the AI agent.
References to Azure CLI commands, Bicep templates, and SDK patterns are standard legitimate tooling guidance; no instructions to read credentials, exfiltrate data, or hide instructions.
Azure Resource Graph query examples and remediation scripts are compliance-focused and do not instruct the agent to weaken security, install backdoors, or perform malicious actions.
All content describes legitimate Azure compliance workflows: 'Run Azure compliance and security audits with azqr plus Key Vault expiration checks.'
SDK references consistently recommend security best practices: 'Use DefaultAzureCredential for local development only. In production, use ManagedIdentityCredential.'
No language attempting to override system instructions, hide the profile's purpose, or instruct exfiltration of system prompts or conversation memory.
Permissions
Low
Profile declares no tools or MCP servers; it is purely markdown documentation and reference material with no executable permissions requested.
Described workflows (azqr scans, Key Vault audits, Azure CLI commands) are read-only compliance assessment operations aligned with the stated purpose of security auditing.
No file_write, file_delete, shell execution, or other high-risk operations are configured or implied.
Details
Evidence
Profile metadata shows 'Dependencies: None' and no tool definitions in the skill configuration.
All example commands (az graph query, az keyvault, az storage) are read-only audit and inspection operations.
Remediation patterns are provided as templates for user review, not auto-executed by the skill.
MCP Risk
Low
No MCP servers are defined in the profile; it is a pure markdown documentation skill with no server-side execution or tool bindings.
References to MCP tools (mcp_azure_mcp_extension_azqr, keyvault_key_list, etc.) are documented as part of the workflow but not configured or instantiated within this profile.
No hidden instructions, arbitrary binary execution, or unrestricted network/filesystem access are present.
Details
Evidence
Profile contains no 'mcp_servers' or 'tools' configuration sections.
Tool references are descriptive (e.g., 'Use the Azure MCP tool to run the scan') and point to external Azure MCP infrastructure, not embedded payloads.
All content is static markdown documentation with no dynamic server definitions.