Security risk report for @forgecat/microsoft-azure_skills-azure-kusto v0.0.4
Source Integrity
Low
Profile attributes legitimate Microsoft/Azure origin with clear attribution (Author: Microsoft, Original repository: https://github.com/microsoft/azure-skills).
MIT license and version tracking provide supply-chain transparency.
Agent Intent
Low
Content is purely educational and descriptive—it documents KQL query patterns, Azure Data Explorer capabilities, and best practices without instructing the agent to perform malicious actions.
No prompt injection, role hijack, credential exfiltration, system prompt leakage, or guidance poisoning detected; all examples are legitimate data analytics workflows.
Fallback strategy section documents Azure CLI as an alternative method, not an instruction to hide behavior or bypass security controls.
Details
Evidence
Query patterns show standard KQL syntax (e.g., 'Events | where Timestamp > ago(1h) | take 100').
Best practices section recommends security-aligned guidance: 'Always include time range filters', 'Monitor query performance', 'Apply data retention policies'.
No instructions to ignore previous instructions, read credentials, exfiltrate data, or weaken security defaults.
Permissions
Low
No tool definitions or permissions are declared in the profile; the skill is purely instructional documentation.
MCP tools referenced (kusto_cluster_list, kusto_database_list, kusto_query, kusto_table_schema_get) are scoped to Azure Data Explorer operations and align with the stated purpose of querying and analyzing Kusto data.
No shell, file_write, file_delete, or other high-risk categories are invoked.
Tool descriptions are limited to query execution and schema discovery on Azure resources.
MCP Risk
Low
No MCP servers are defined in the profile; the content is markdown documentation only.
Referenced tools (kusto_cluster_list, kusto_database_list, kusto_query, kusto_table_schema_get) are standard Azure Data Explorer operations with no hidden instructions or arbitrary binary execution.
No unrestricted network access, full filesystem permissions, or unknown binary execution patterns present.
Details
Evidence
'MCP servers (untrusted data)' section is empty.
Tool descriptions are transparent and limited to Azure Kusto operations.
Fallback strategy documents standard Azure CLI commands, not arbitrary shell execution.