pipelines-health-check
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- Standard Tool Integration: The skill utilizes official command-line interfaces (`az` and `gh`) to interact with Azure DevOps and GitHub. This is the intended behavior for gathering CI/CD metrics and PR status in a developer environment.
- Data Sanitization: The PowerShell scripts include a `Sanitize-ErrorString` function that cleans and truncates external content (such as build logs or error messages) before it is processed. This reduces the risk of malformed data impacting the agent's logic.
- Trusted External Dependencies: The skill suggests the use of the `workiq` tool from the `@microsoft` NPM scope and a specialized binlog analysis tool. These resources originate from trusted organizations and are used to provide additional context for infrastructure failures.
- Indirect Data Processing: The skill ingests PR titles and build error messages from external repositories. While this is a surface for indirect instructions, the skill implements sanitization and uses structured data templates for its subagent investigations to maintain safety.
- Least Privilege Auth: The instructions rely on the user's existing local authentication (`az login`, `gh auth login`), ensuring the skill operates within the user's established permission boundaries without requiring hardcoded secrets.
Audit Metadata