worker-image-investigation
Audited by Socket on Feb 26, 2026
1 alert found:
Security: This skill is a documentation/investigation tool that describes legitimate debugging workflows for Taskcluster worker image regressions and debugging Windows VMs via Azure CLI. It does not contain hardcoded secrets, obfuscated payloads, or explicit remote execute/install chains (curl|bash). The primary security concerns are operational: it requires Azure credentials and uses az vm run-command to execute PowerShell on production VMs, which is high-privilege and can be abused if the local investigate.py or the investigator's environment is compromised. Remote artifact fetches (SBOM via curl) introduce standard trust dependencies on artifact servers but are not themselves execution vectors in the doc. Overall there is moderate operational risk due to credential scope and remote command execution on infrastructure; treat the skill as useful but requiring careful operational controls (least privilege, vetted investigate.py, and cautious handling of outputs).