azure-repos-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes az repos CLI commands to perform operations. This assumes the executing environment has the Azure CLI installed and pre-authenticated with sufficient permissions.
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters the agent context through PR titles, descriptions, and work item details used in az repos pr create (SKILL.md).
  - Boundary markers: There are no delimiters or instructions provided to the agent to treat PR content as data rather than instructions.
  - Capability inventory: The skill provides the ability to modify repository state, specifically to approve (--status approved) and merge (--status completed) code into the main branch (SKILL.md).
  - Sanitization: No input validation or sanitization is performed on the strings interpolated into the CLI commands.
  - Risk: An attacker could submit a PR with a description containing instructions that trick the agent into automatically approving and merging the PR, bypassing the intended human-in-the-loop review process.
Recommendations
- AI detected serious security threats
Audit Metadata