Security risk report for @forgecat/microsoft-azure_skills-azure-messaging v0.0.4
Source Integrity
Low
Profile claims authorship by Microsoft and references a legitimate public repository (https://github.com/microsoft/azure-skills).
No instructions to fetch external payloads, install untrusted dependencies, or execute remote code.
Agent Intent
Low
Content is a legitimate troubleshooting guide for Azure Messaging SDKs; no prompt injection, role hijack, or instruction to ignore system guidance.
No guidance poisoning: recommends only standard Microsoft Azure tools and official Microsoft Learn documentation.
No system prompt leakage, credential exfiltration, or instruction to hide/deny the skill's own instructions.
Details
Evidence
Skill description focuses on diagnosing SDK errors, connection failures, and configuration issues.
Diagnosis workflow references legitimate MCP tools (mcp_azure_mcp_documentation, mcp_azure_mcp_resourcehealth) for official Microsoft guidance.
References point to 'azure-diagnostics skill' and 'Microsoft Learn' — standard, transparent sources.
Permissions
Low
No tools or hooks are declared in the profile; the skill is purely informational/guidance.
MCP tools mentioned (mcp_azure_mcp_eventhubs, mcp_azure_mcp_servicebus, mcp_azure_mcp_monitor, mcp_azure_mcp_resourcehealth, mcp_azure_mcp_documentation) are referenced for diagnostic purposes only, not installed or configured here.
Authority is scoped to troubleshooting Azure Messaging SDKs — no shell, file write, or excessive agency.
Details
Evidence
Profile declares 'Dependencies: None' and no tool definitions.
MCP tools are listed as reference only in the 'MCP Tools' table, not as installed permissions.
MCP Risk
Low
No MCP servers are defined or configured in this profile.
The skill references external MCP tools by name only (for documentation purposes) but does not instantiate or configure them.
Details
Evidence
Profile section 'MCP servers (untrusted data)' is empty: '(none)'.
Tool references in SKILL.md are informational tables describing what tools *could* be used, not active configurations.