azure-devops-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes a direct CLI example that passes a PAT via --token (az devops login --token YOUR_PAT_TOKEN), which encourages embedding secret values verbatim in generated commands and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's reference docs explicitly show commands that fetch and ingest public, user-generated content (e.g., "az repos import create --git-source-url https://github.com/user/repo" in references/repos-and-prs.md and "az pipelines create --repository https://github.com/Org/Repo" in references/pipelines-and-builds.md, plus curl fallback downloads in workflows-and-patterns.md), so the agent's workflows can pull untrusted third‑party content (public repos/URLs) that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Prerequisites include a runtime install command that downloads and executes remote code (curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash), so https://aka.ms/InstallAzureCLIDeb is a required external dependency that executes remote code.