Skills
skills/openhands/extensions/azure-devops/Gen Agent Trust Hub

azure-devops

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using curl and git to manage repositories and call Azure DevOps REST APIs.
  • [CREDENTIALS_UNSAFE]: The documentation suggests embedding the AZURE_DEVOPS_TOKEN directly into the git remote URL via git remote set-url, which results in the sensitive token being stored in plain text within the workspace's .git/config file.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface as it is designed to ingest and process data from external Azure DevOps sources such as pull request descriptions and repository files.
  • Ingestion points: Data retrieved from Azure DevOps API endpoints (e.g., _apis/git/pullrequests) and git repository content.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified.
  • Capability inventory: The skill utilizes bash, git, and curl, providing file system, network, and command execution capabilities.
  • Sanitization: No sanitization or validation logic is defined for the external data being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 06:31 PM