Add skill name allowlist for telemetry and expand file refs

[saikoumudi]

What does this PR do?

Added skill name allowlist to ensure we don't accidentally log custom skills customer might have created. Updated the file references to contain the latest skill references

[Add additional context, screenshots, or information that helps reviewers]

GitHub issue number?

#1923

Pre-merge Checklist

• Required for All PRs
  • Read contribution guidelines
  • PR title clearly describes the change
  • Commit history is clean with descriptive messages (cleanup guide)
  • Added comprehensive tests for new/modified functionality
  • Created a changelog entry if the change falls among the following: new feature, bug fix, UI/UX update, breaking change, or updated dependencies. Follow the changelog entry guide
• For MCP tool changes:
  • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
  • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
  • Validate README.md changes running the script ./eng/scripts/Process-PackageReadMe.ps1. See Package README
  • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
  • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
  • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
• Extra steps for Azure MCP Server tool changes:
  • Updated command list in servers/Azure.Mcp.Server/docs/azmcp-commands.md
  • Ran ./eng/scripts/Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
  • Updated test prompts in servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
  • 👉 For Community (non-Microsoft team member) PRs:
    • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
    • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

[Copilot]

Pull request overview

Adds a skill-name allowlist to the plugin-telemetry command so telemetry won’t record customer-defined/custom skill names, and expands the allowed plugin file reference list to include newer skill reference files.

Changes:

• Added allowed-skill-names.json and DI wiring for an embedded-resource-backed skill-name allowlist provider.
• Updated PluginTelemetryCommand to block telemetry requests with disallowed --skill-name.
• Expanded allowed-plugin-file-references.json with additional Azure Enterprise Infra Planner reference files.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
servers/Azure.Mcp.Server/src/Resources/allowed-skill-names.json	New embedded resource defining the skill-name allowlist.
servers/Azure.Mcp.Server/src/Resources/allowed-plugin-file-references.json	Adds newly allowed reference file paths.
servers/Azure.Mcp.Server/src/Program.cs	Registers the new IPluginSkillNameAllowlistProvider in DI.
core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ToolLoading/PluginTelemetryCommand.cs	Validates --skill-name against the allowlist and blocks disallowed values.
core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ToolLoading/IPluginSkillNameAllowlistProvider.cs	Introduces the allowlist provider interface + embedded-resource implementation.
core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ToolLoading/IPluginFileReferenceAllowlistProvider.cs	Removes an unnecessary using directive.