azure-devops
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides capabilities to read untrusted content from Azure DevOps (repositories, work items, and wiki pages), which can be an attack surface for indirect prompt injection.
  - Ingestion points: resources/repos-version-control.md (item content), resources/boards-work-tracking.md (work item fields), and resources/advanced-integrations.md (wiki content).
  - Boundary markers: The documentation does not specify the use of delimiters or warnings to ignore instructions within fetched data.
  - Capability inventory: The skill allows full CRUD operations via Azure DevOps REST APIs, including modifying files, managing pull requests, and updating security permissions.
  - Sanitization: There is no mention of sanitizing or validating external content before processing.
- [EXTERNAL_DOWNLOADS] (SAFE): The file resources/artifacts-packages.md references the installation of Microsoft.VisualStudio.Services.UniversalPackageTools. Since Microsoft is a trusted organization, this is considered a safe external reference.
- [COMMAND_EXECUTION] (LOW): The skill documents standard CLI operations for package management (e.g., nuget, npm, pip, twine) which are consistent with the documented use cases for Azure Artifacts.