045-planning-azure-devops
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard Azure CLI commands (
az boards) to interact with Azure DevOps. It correctly includes a mandatory interactive gate to ensure that the CLI and required extensions are installed before attempting execution.\n- [CREDENTIALS_UNSAFE]: The instructions contain clear constraints against requesting or printing Personal Access Tokens (PATs) or other credentials in the chat environment, directing users to secure configuration commands instead.\n- [PROMPT_INJECTION]: The skill is designed to handle the risk of indirect prompt injection from external work item data.\n - Ingestion points: Data is ingested through
az boards queryandaz boards work-item querycommands inreferences/045-planning-azure-devops.md.\n - Boundary markers: The instructions in
SKILL.mdexplicitly state that all work-item fields and external descriptive text must be treated as untrusted data.\n - Capability inventory: The skill allows for writing to the external system via
az boards work-item createandaz boards work-item updatecommands.\n - Sanitization: The skill mitigates potential injection by limiting output to work item IDs and counts, while specifically refusing to render or analyze descriptive fields (titles, descriptions, comments) that could contain malicious instructions.
Audit Metadata