boards-work-item-summary

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [Scoped Data Access]: The skill retrieves Azure DevOps work items using specific IDs provided by the user. This ensures that data access is controlled and limited to the intended scope.
  • [Privacy Best Practices]: The skill explicitly instructs the agent to omit email addresses when displaying the 'Assigned To' field, demonstrating a privacy-first approach to data handling.
  • [Indirect Prompt Injection Surface]: The skill ingests untrusted data from Azure DevOps work item descriptions and comments. Although it does not use explicit boundary markers to delimit this content, the capability inventory is restricted to summarization and display, with no access to shell commands, file-system operations, or arbitrary network requests.
  • [Safe Infrastructure Usage]: All generated links for work items and pull requests point to the official Azure DevOps domain, aligning with standard vendor practices and infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 02:39 AM