NYC

ado-pipeline-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The file contains instructional language using terms like 'MANDATORY' and 'NEVER', but these are legitimate behavioral guidelines for an AI agent rather than attempts to bypass safety filters or extract system prompts.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths were found. The skill correctly recommends using Azure Key Vault for secrets management.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): There are no commands for downloading or executing remote scripts (e.g., curl, wget piped to bash) and no external package installations.
  • Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were detected in the text or code snippets.
  • Indirect Prompt Injection (LOW): The skill provides instructions on how the agent should handle file paths and documentation creation. While these are instructions for the agent, they do not involve processing untrusted external data that could lead to injection attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:37 PM