Skills
skills/alexander-kastil/agentic-sw-engineering/import-pipeline/Gen Agent Trust Hub

import-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external deployment metadata and pipeline YAML files to drive command-line operations, creating a surface for indirect prompt injection.
  • Ingestion points: .github/deploy.json and .azdo/spfx-ci-cd.yml.
  • Boundary markers: Not present; the agent is instructed to read and apply values directly from files.
  • Capability inventory: Execution of az pipelines create, az pipelines run, and git push commands.
  • Sanitization: Not present; the skill assumes the integrity of the provided configuration files for automation.
  • [COMMAND_EXECUTION]: The skill automates the execution of Azure CLI commands (az pipelines) and Git commands. This is the primary intended functionality of the skill for managing DevOps pipelines.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and community tools from well-known sources, including Microsoft Learn and the PnP CLI (Microsoft 365 community), for command verification and troubleshooting.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 04:46 PM