azure-diagnostics
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution for Diagnostics: The skill utilizes standard Azure CLI (az) and Kubernetes (kubectl) commands to retrieve status, health, and logs. This is aligned with the primary purpose of troubleshooting and follows established cloud administration patterns.
- High-Privilege Debugging Capability: For advanced AKS troubleshooting, the skill includes instructions for node-level debugging using kubectl debug. This provides host-level access to cluster nodes to inspect service health and logs, which is a standard procedure for infrastructure maintenance.
- Sensitive Data Retrieval: The workflows include commands to access application settings and connection strings (e.g., APPLICATIONINSIGHTS_CONNECTION_STRING) to verify monitoring configurations. This access is limited to the user's authenticated Azure session.
- Indirect Prompt Injection Surface: The skill processes log data from sources like Azure Monitor and Kubernetes pods. While logs are untrusted data, the skill uses them for read-only diagnostic purposes, which is a common pattern for monitoring agents.
- Integration with Managed Services: It leverages official Microsoft MCP tools such as AppLens and Azure Monitor for AI-powered diagnostics and telemetry analysis, ensuring that operations are performed within the vendor's supported ecosystem.
Audit Metadata