The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The orchestration scripts scripts/python_wrapper.sh and scripts/yamllint_check.sh are designed to automatically install the pyyaml and yamllint packages from the official Python Package Index (PyPI) if they are missing. This is implemented using standard virtual environment management to ensure the tool functions correctly across different environments without manual setup.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because its core functionality involves parsing and reporting on untrusted external data (Azure Pipeline YAML files).
Ingestion points: User-provided files are read by the scripts scripts/validate_syntax.py, scripts/check_best_practices.py, and scripts/check_security.py.
Boundary markers: The skill does not currently implement specific delimiters or 'ignore instructions' warnings when outputting the results of the YAML analysis to the agent.
Capability inventory: The skill utilizes shell commands (find, bash) and Python logic for static analysis. It does not provide a mechanism to execute the content of the analyzed pipeline files.
Sanitization: The tool uses yaml.safe_load for processing input, which is a security best practice that prevents the deserialization of arbitrary Python objects.

azure-pipelines-validator