ado-init
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures the agent to use the
@azure-devops/mcppackage vianpx. This package is an official tool provided by Microsoft, which is a trusted organization. This reference is documented neutrally as it targets a well-known, trusted source. - [REMOTE_CODE_EXECUTION]: The skill facilitates the configuration of an MCP (Model Context Protocol) server by writing execution commands (
npx -y @azure-devops/mcp) to a.mcp.jsonfile. This is the intended primary function of the skill to enable Azure DevOps integration. - [COMMAND_EXECUTION]: The skill generates platform-specific command strings (using
cmd /c npxfor Windows andnpxfor Linux/Mac) to be used in the local environment configuration. - [PROMPT_INJECTION]: The instructions include defensive constraints requiring the agent to ignore any initial user arguments and strictly follow an interactive multi-phase prompt sequence. This is a logic-flow enforcement mechanism rather than a malicious bypass of safety guidelines.
- [DATA_EXPOSURE]: The skill implements a security-conscious approach to configuration management. It explicitly forbids the agent from reading the contents of an existing
.mcp.jsonfile to prevent accidental exposure of other configured service credentials, instead providing a manual update snippet to the user.
Audit Metadata