watch-uat-azdo-pr
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
scripts/uat-watch-azdo.shandscripts/uat-azdo.sh) and leverages the Azure CLI (az) with theazure-devopsextension. These tools are used to poll external Azure DevOps APIs for pull request status updates. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it explicitly searches for "approval keywords" within Azure DevOps PR comments. A malicious user with access to the PR could post a comment containing instructions designed to influence the agent's behavior once the polling loop completes.
- Ingestion points: External pull request comments and thread data are retrieved via
scripts/uat-watch-azdo.sh. - Boundary markers: There are no documented boundary markers or instructions to the agent to disregard embedded commands within the PR comments.
- Capability inventory: The skill possesses the ability to execute shell scripts and access the network via the Azure CLI.
- Sanitization: No sanitization or filtering logic is described for the content ingested from the PR comments.
Audit Metadata