ado
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using
az,curl,git, andjqto perform management operations on Azure DevOps resources and parse local repository configurations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data that could influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context through the parsing of
git remote get-url originand the processing of responses from various Azure DevOps REST API endpoints (including repository names, pull request details, and code search results). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its instructions and the data being processed from these external sources.
- Capability inventory: The skill possesses high-privilege capabilities, including the ability to delete repositories (
az repos delete), delete pipelines (az pipelines delete), delete service hook subscriptions (curl -X DELETE), and push code modifications to repositories via the REST API. - Sanitization: The skill does not implement validation or sanitization of the content retrieved from external sources before it is interpreted or used in subsequent operations.
Audit Metadata