Skills
skills/openhands/skills/azure-devops/Gen Agent Trust Hub

azure-devops

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill instructs the agent to embed the AZURE_DEVOPS_TOKEN directly into the Git remote URL (git remote set-url origin https://${AZURE_DEVOPS_TOKEN}@dev.azure.com/...). This action writes the sensitive token in plain text to the local .git/config file, making it vulnerable to exposure through process listings, environment logs, or if the workspace is shared.
  • [DATA_EXFILTRATION] (LOW): The skill uses curl to send the AZURE_DEVOPS_TOKEN to dev.azure.com. While this is the intended purpose, dev.azure.com is not on the predefined whitelist of trusted domains.
  • [PROMPT_INJECTION] (LOW): Susceptible to Indirect Prompt Injection (Category 8).
  • Ingestion points: Data fetched from Azure DevOps via API (repository content, pull request descriptions, and comments).
  • Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the fetched data.
  • Capability inventory: The agent can execute git commands (commit, push) and curl requests based on processed data.
  • Sanitization: Absent; data from the external API is processed without validation or escaping.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:19 PM