azure-devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to send arbitrary HTTP requests to https://unify.apideck.com/proxy with an x-apideck-downstream-url pointing at Azure DevOps endpoints, meaning the agent will fetch and interpret user/third-party Azure DevOps content (repos, work items, comments) which could contain untrusted instructions that influence subsequent actions.