azure-pipelines-generator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill instructions prioritize security best practices like pinning task versions and avoiding hardcoded secrets.
- [COMMAND_EXECUTION]: The skill specifies a local validation script (
validate_azure_pipelines.sh) to be used as a fallback for checking YAML syntax and security. This is an intended and documented safety feature. - [DATA_EXFILTRATION]: While examples contain
curlcommands for health checks, these are restricted to the application's own deployment endpoints and do not attempt to exfiltrate sensitive environment data. - [EXTERNAL_DOWNLOADS]: References to external tools in documentation and examples are limited to well-known package managers and official Azure DevOps tasks from trusted sources.
Audit Metadata