Defender Posture Reviewer

Security checks across malware telemetry and agentic risk

Overview

This skill is a guidance-only Azure security review helper that analyzes user-provided Defender for Cloud exports and does not install code or access Azure directly.

Install only if you are comfortable sharing Azure security posture exports with the agent. Do not provide credentials or secret values, and manually review any generated Azure CLI remediation commands before running them in Azure.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 87% confidence
Finding: The skill claims to be instruction-only and read-only, but it also directs the model to produce Azure CLI commands for both data collection and remediation. That mismatch can cause users to over-trust the skill as non-operational while still receiving executable commands that modify Azure resources, increasing the chance of unsafe copy/paste actions or privilege misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal