azure-devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit commands that fetch and ingest public, user-generated code (e.g., "az repos import create --git-source-url https://github.com/user/repo" and examples that git clone arbitrary repos), so the agent can pull untrusted third‑party content (public GitHub/URLs) into its workflow and thus be exposed to indirect prompt injection.