azure-devops

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes examples that encode and place PATs directly into Authorization headers and shell commands (e.g., curl with base64-encoded :YOUR_PAT), which instructs embedding secrets verbatim in outputs and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core workflow and SKILL.md explicitly include API calls that fetch user-generated Azure DevOps content—e.g., GET /{organization}/{project}/_apis/git/repositories/.../items?download=true (file contents), GET .../pullrequests/{pullRequestId}/threads (PR comments/threads), and GET .../wiki/wikis/{wikiId}/pages (wiki pages)—which the agent would ingest and could allow instructions in that third‑party content to materially influence subsequent tool actions.