dotnet-ado-unique

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents using environment checks that "Invoke REST API" / "Invoke Azure Function" (see "Approval Checks" and "Pre-Deployment Validation with Azure Functions" examples calling arbitrary URLs like https://myvalidation.azurewebsites.net/api/pre-deploy) where the HTTP response is used to approve or reject deployments, meaning untrusted third‑party endpoints can be fetched at runtime and materially control pipeline actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly describes an environment "Invoke Azure Function" check that calls the runtime endpoint https://myvalidation.azurewebsites.net/api/pre-deploy with the pipeline context and uses the function's HTTP response (200 vs non-200) to approve or reject deployments, meaning a runtime external endpoint executes remote logic and directly controls pipeline execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 09:29 PM