azure-cost-management
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching Markdown documentation at runtime from Microsoft Docs (e.g. https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-best-practices) via the mcp_microsoftdocs or fetch_webpage tools and injects that content into the agent context to drive responses, so this external content is a required runtime dependency that can directly control agent outputs.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about Azure Cost Management and references programmatic billing operations: APIs and automation for creating subscriptions, using reservation APIs, "prepay" / buy reservations and savings plans, configuring payment methods, and creating/updating Cost Management budgets (via ARM/Bicep/APIs). Those are specific, actionable financial/billing operations (including purchase/prepay and payment-method configuration), so it grants direct financial execution capability within Azure billing.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata