azdevops
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation instructs users to install an external package
@billpeet/azdevops-clivia npm. This package and its author are not part of the established trusted source list, introducing a potential supply chain risk. - [COMMAND_EXECUTION] (MEDIUM): The skill operates by executing shell commands with parameters (like titles, descriptions, and WIQL queries) that may be derived from user input. This presents a risk of command injection if the underlying agent does not properly sanitize these inputs before execution.
- [DATA_EXPOSURE] (MEDIUM): The skill interacts with sensitive file paths (e.g.,
~/.config/azdevops-cli/config.json) and environment variables (AZDEVOPS_TOKEN) to manage authentication. While necessary for its primary function, this access exposes sensitive credentials to the agent's environment. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external sources (Azure DevOps work items, pull requests, and pipelines) which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points:
azdevops work-item get,azdevops pr list, andazdevops pipeline runscommands read external content. - Boundary markers: Absent in the command templates.
- Capability inventory: The skill can perform state-changing actions like
azdevops pipeline run,azdevops pr create, andazdevops work-item update. - Sanitization: No explicit sanitization or validation of the fetched data is described.
Audit Metadata