The Agent Skills Directory

Handling of Sensitive Security Data: The skill is designed to retrieve and display sensitive information such as secret exposure alerts, dependency vulnerabilities, and code scanning findings. This exposure is a core feature of the skill, intended to help users identify and remediate security risks within their Azure DevOps environment using official tools.
Indirect Prompt Injection Surface: The skill processes alert descriptions and remediation guidance that originate from security scanning tools. Since this external content is incorporated into the agent's context, there is a theoretical surface for indirect prompt injection. However, the skill's restricted set of capabilities—limited to retrieving and displaying data—effectively mitigates the risk of unauthorized or destructive actions being triggered by such content.

security-alert-review