azure-devops
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary functionality is built on executing `az` (Azure CLI) commands through Python wrapper scripts. This allows the agent to automate complex Azure DevOps workflows directly from the terminal.
- [EXTERNAL_DOWNLOADS]: The documentation references and guides users to install official Microsoft software, including the Azure CLI and the Azure DevOps extension, from trusted domains like `aka.ms` and `microsoft.com`.
- [PROMPT_INJECTION]: The skill handles indirect prompt injection surfaces as it retrieves and processes untrusted data from Azure DevOps work items and pull requests.
  - Ingestion points: The `list_work_items.py` and `get_work_item.py` tools read descriptions, titles, and comments from external Azure DevOps projects.
  - Boundary markers: No explicit security delimiters or "ignore instructions" markers are documented for processing this external text.
  - Capability inventory: The skill has the ability to modify work items, create pull requests, and trigger CI/CD pipeline builds.
  - Sanitization: While the tool provides Markdown-to-HTML conversion for outgoing data, it does not explicitly document sanitization of incoming data from the Azure DevOps API.
Audit Metadata