The Agent Skills Directory

[SAFE]: No malicious patterns detected. The skill uses official, well-known libraries (azure-monitor-query, azure-identity) for its operations.
[SAFE]: Credential handling is performed securely via environment variables and the standard DefaultAzureCredential provider, which is the industry standard for Azure SDKs.
[SAFE]: The skill functionality is consistent with its stated purpose of security auditing and threat hunting, with all KQL queries targeting legitimate audit log tables.

analyzing-azure-activity-logs-for-threats