azure-boards-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Prompt Injection] (HIGH): Indirect Prompt Injection Surface. The skill is designed to process data from Azure Boards (work items, queries). An attacker could place malicious instructions inside work item fields (like descriptions or titles) which the agent might then process and obey during management tasks.
- Ingestion points: Azure Boards API/CLI responses containing work item details.
- Boundary markers: Absent. There are no instructions to the agent to treat work item content as untrusted data or delimiters to separate data from instructions.
- Capability inventory: The skill allows for work item creation, updating, and querying via `az boards` and Python `requests` (write/execute permissions).
- Sanitization: Absent. No logic is provided to sanitize or validate external data before use in subsequent prompts or system commands.
- [Command Execution] (MEDIUM): The skill utilizes the `az boards` CLI tool to perform operations. While these are legitimate functions for the skill's purpose, they represent a significant capability that could be abused if the agent's logic is subverted through malicious input in work items.
Recommendations
- AI detected serious security threats
Audit Metadata