skills/midudev/autoskills/azure-cost/Gen Agent Trust Hub

azure-cost

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several standard Azure management tools including az rest, az monitor, az resource, and az graph query to retrieve cost and metric data. These operations are scoped to the user's authenticated Azure session and follow established cloud management patterns. Additionally, it integrates kubectl for AKS-specific analysis, which is directly relevant to its stated purpose of Kubernetes cost visibility.
  • [EXTERNAL_DOWNLOADS]: The skill references several official Azure SDK packages for .NET (Azure.ResourceManager.Redis, Azure.Identity) and Azure CLI extensions (costmanagement, resource-graph). It also utilizes azqr (Azure Quick Review), a Microsoft-provided governance utility, through a dedicated MCP tool. All external resources and utilities are sourced from trusted cloud provider repositories.
  • [DATA_EXFILTRATION]: While the skill retrieves sensitive cost and utilization data, the analysis shows no evidence of data being transmitted to unauthorized third-party domains. Telemetry headers (e.g., ClientType: GitHubCopilotForAzure) are used consistently for official identification of the client during API calls to Microsoft's management endpoints. Data is stored locally in output/ or temp/ folders for user review and audit trails.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates high security maturity by explicitly documenting and enforcing the use of Azure Managed Identities and RBAC. It provides detailed guides for different environments (Production vs. Local Development) and warns users against hardcoding secrets, recommending Azure Key Vault for any necessary secret management.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a low-risk attack surface for indirect injection as it processes data from Azure API responses. However, it implements safeguards such as using structured JSON bodies for API requests and encouraging the use of specific MCP tools that provide better validation than raw CLI strings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 05:00 AM