azure-external-attack-surface-management
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires fetching remote Markdown from Microsoft Learn at runtime (e.g., https://learn.microsoft.com/en-us/azure/external-attack-surface-management/understanding-billable-assets via the mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage tool), and that fetched content is injected into the agent context and relied upon to generate responses, so it can directly control prompts/instructions.
Audit Metadata