agent security skill risk: medium
Azure Storage Misconfiguration Audit Reporter
The prompt describes a procedure to audit Azure storage accounts for public access, SAS tokens, encryption, TLS, and network issues using the azure-mgmt-storage SDK, then output a…
- Policy sensitive
- Human review
- External action: medium
SKILL 4 files · 2 folders
SKILL.md
---
name: detecting-azure-storage-account-misconfigurations
description: "Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing"
---

# Detecting Azure Storage Account Misconfigurations

## Overview

Azure Storage accounts are a frequent target for attackers due to misconfigured public access, long-lived SAS tokens, missing encryption, and outdated TLS versions. This skill uses the azure-mgmt-storage Python SDK with StorageManagementClient to enumerate all storage accounts in a subscription, inspect their security properties, list blob containers for public access settings, and generate a risk-scored audit report identifying critical misconfigurations.

## When to Use

- When investigating security incidents that require detecting Azure storage account misconfigurations
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques

## Prerequisites

- Python 3.9+ with `azure-mgmt-storage`, `azure-identity`
- Azure service principal with Reader role on target subscription
- Environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID

## Key Detection Areas

1. **Public blob access** — `allow_blob_public_access` enabled on storage account or individual containers set to Blob/Container access level
2. **HTTPS enforcement** — `enable_https_traffic_only` disabled, allowing unencrypted HTTP traffic
3. **Minimum TLS version** — accounts accepting TLS 1.0 or TLS 1.1 instead of minimum TLS 1.2
4. **Encryption at rest** — storage service encryption not enabled or missing customer-managed keys
5. **Network rules** — default action set to Allow instead of Deny, exposing storage to all networks
6. **SAS token risks** — account-level SAS with overly broad permissions or excessive lifetime

## Output

JSON report with per-account findings, severity ratings (Critical/High/Medium/Low), and remediation recommendations aligned with CIS Azure Benchmark controls.
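
The skill text lists what to check but gives no evaluation logic, so the following is an added example (not part of the original SKILL.md) of how the first five Key Detection Areas can be scored into the per-account JSON report. It runs offline on constructed dicts whose keys mirror the azure-mgmt-storage property names; the severity weights, the 0-100 cap, the report field names and the sample accounts are assumptions, and SAS token checks are left out.

```python
import json

# Severity weights and the 0-100 cap are assumptions of this example.
WEIGHTS = {"Critical": 40, "High": 25, "Medium": 10, "Low": 5}

def audit_account(acct):
    """Score one account dict whose keys mirror the SDK's StorageAccount fields."""
    findings = []
    def add(sev, issue, fix):
        findings.append({"severity": sev, "issue": issue, "remediation": fix})
    # None (property unset) is treated as "not disabled", a conservative assumption.
    if acct.get("allow_blob_public_access") is not False:
        exposed = [c["name"] for c in acct.get("containers", [])
                   if c.get("public_access") in ("Blob", "Container")]
        if exposed:
            add("Critical", f"anonymous access on containers {exposed}",
                "set container access level to private")
        else:
            add("High", "allow_blob_public_access is not disabled",
                "disable public blob access on the account")
    if not acct.get("enable_https_traffic_only"):
        add("High", "HTTP traffic is accepted", "require HTTPS-only transfer")
    if acct.get("minimum_tls_version") not in ("TLS1_2", "TLS1_3"):
        add("Medium", "TLS below 1.2 is accepted", "set minimum TLS to TLS1_2")
    if (acct.get("network_rule_set") or {}).get("default_action") != "Deny":
        add("High", "network default action is not Deny", "set default action to Deny")
    if (acct.get("encryption") or {}).get("key_source") != "Microsoft.Keyvault":
        add("Low", "no customer-managed key", "use a Key Vault managed key")
    score = min(100, sum(WEIGHTS[f["severity"]] for f in findings))
    return {"account": acct["name"], "risk_score": score, "findings": findings}

def build_report(accounts):
    """Per-account results, highest risk first."""
    results = sorted(map(audit_account, accounts), key=lambda r: -r["risk_score"])
    return {"accounts": results}

# Constructed sample input, not real accounts.
SAMPLE = [
    {"name": "hardened01", "allow_blob_public_access": False,
     "enable_https_traffic_only": True, "minimum_tls_version": "TLS1_2",
     "network_rule_set": {"default_action": "Deny"},
     "encryption": {"key_source": "Microsoft.Keyvault"},
     "containers": [{"name": "data", "public_access": "None"}]},
    {"name": "legacy01", "allow_blob_public_access": None,
     "enable_https_traffic_only": False, "minimum_tls_version": "TLS1_0",
     "network_rule_set": {"default_action": "Allow"},
     "encryption": {"key_source": "Microsoft.Storage"},
     "containers": [{"name": "backups", "public_access": "Container"}]},
]

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE), indent=2))
```

A container's access level is only reported as Critical when the account itself still permits public access, because the account-level setting overrides container settings once it is disabled.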
REQUIRED CONTEXT
- Python 3.9+ environment with azure-mgmt-storage and azure-identity
- Azure service principal with Reader role
- Environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID
EXPECTED OUTPUT
- Format
- structured_report
- Schema
- json · per-account findings, severity ratings, remediation recommendations
- Constraints
- JSON report with per-account findings
- include severity ratings (Critical/High/Medium/Low)
- include remediation recommendations aligned with CIS Azure Benchmark controls
SUCCESS CRITERIA
- generate a risk-scored audit report identifying critical misconfigurations
CAVEATS
- Dependencies
- Python 3.9+ with `azure-mgmt-storage`, `azure-identity`
- Azure service principal with Reader role on target subscription
- Environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID
- Missing context
- Exact input format or parameters the skill expects
- Step-by-step execution procedure or code template
- Ambiguities
- Description field is truncated mid-sentence ("missing")
QUALITY
- OVERALL
- 0.72
- CLARITY
- 0.75
- SPECIFICITY
- 0.80
- REUSABILITY
- 0.65
- COMPLETENESS
- 0.70
IMPROVEMENT SUGGESTIONS
- Complete the truncated description sentence
- Add a clear 'Input' section specifying required parameters or data
- Include an example JSON output structure under the Output section