azure-devops
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute an installation script from Microsoft's official short-link service (aka.ms) with administrative privileges using 'sudo bash'.
- [REMOTE_CODE_EXECUTION]: The skill executes an unverified third-party package ('@tiberriver256/mcp-server-azure-devops') from the npm registry using the 'npx' command.
- [EXTERNAL_DOWNLOADS]: Fetches configuration and installation files from Microsoft's well-known technology service infrastructure.
- [COMMAND_EXECUTION]: Extensively uses the 'Bash' tool to run Azure CLI commands for managing pipelines, repositories, and work item tracking.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted external data.
  - Ingestion points: Data retrieved from Azure DevOps including work item fields (title, description), branch names, and commit history.
  - Boundary markers: Absent; untrusted data is interpolated into shell commands and discussions without delimiters or warnings.
  - Capability inventory: The skill possesses extensive capabilities including command execution ('Bash'), file system modification ('Write'), and network access ('WebFetch').
  - Sanitization: Absent; the instructions do not implement validation or sanitization for content retrieved from external DevOps repositories or boards before it is used in automation logic.
Audit Metadata