data-engineering-weekly-report

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Azure DevOps CLI (az boards) to perform several operations including listing iterations, area paths, querying work items via WIQL, and fetching detailed work item data. These commands are used to automate the data retrieval process for the report.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from an external source (Azure DevOps) and uses it to generate summaries.
    • Ingestion points: The skill retrieves System.Title and System.Description from work items via the az boards work-item show command (defined in SKILL.md).
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched work item content as untrusted or to ignore embedded instructions.
    • Capability inventory: The agent has the ability to execute shell commands (az boards), write markdown files to the workspace, and potentially publish to external wikis (SKILL.md).
    • Sanitization: The skill lacks explicit sanitization or validation steps for the content fetched from Azure DevOps before it is used to derive the "Objective" or other summary components.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 03:58 PM