azure-devops-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains multiple examples that place PATs, passwords, service principal keys, and webhooks directly in command-line flags or config files (e.g., --token YOUR_PAT_TOKEN, --password {password-or-pat}, serviceprincipalkey in JSON, curl with $slack_webhook), which encourages embedding secrets verbatim in generated commands or files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to import and create pipelines from arbitrary public Git repositories (e.g., "az repos import create --git-source-url https://github.com/user/repo" and "az pipelines create --repository https://github.com/Org/Repo") and to download from arbitrary URLs (e.g., curl "$BACKUP_URL"), so it clearly ingests untrusted, user-generated third‑party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes explicit instructions that run privileged install commands (e.g., "curl ... | sudo bash") which request sudo elevation and can modify the host system, so it pushes the agent toward privileged actions on the machine.