ado-timesheet-report
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system-level commands (PowerShell on Windows or the date command on Linux/macOS) to calculate and validate dates.
  - Evidence: In Phase 3, the instructions require the agent to validate a user-provided 'Specific week' end date by interpolating it into a shell command (e.g., date -d '[USER_INPUT]' +%u).
  - Risk: The instructions do not mandate strict regex validation or sanitization of the user-provided date string before it is passed to the shell. This could allow a malicious user to provide a crafted string containing command separators (like ';' or '&') to execute arbitrary code on the host environment.
- [PROMPT_INJECTION]: The skill processes untrusted content from an external system (Azure DevOps), which represents an attack surface for indirect prompt injection.
  - Ingestion points: The skill ingests work item titles and descriptions via the 'wit_my_work_items' MCP tool.
  - Boundary markers: No explicit delimiters or boundary markers are defined to isolate external work item content from the agent's instructions in the final report output.
  - Capability inventory: The agent has access to the Bash tool (shell access) and Azure DevOps identity management tools.
  - Sanitization: While the instructions specify stripping HTML tags and truncating descriptions to 100 characters, no sanitization or filtering is applied to work item titles.
Audit Metadata