azure-devops
Fail
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the required 'orbit' CLI tool by downloading a script from a remote GitHub repository and piping it directly to the shell (curl -sSfL ... | sh). This execution pattern allows the remote script to perform any action on the user's system without prior inspection.
- [EXTERNAL_DOWNLOADS]: The skill relies on external resources hosted at github.com/jorgemuza/orbit, including installation scripts and Homebrew taps. While these originate from the skill author's repository, they represent unverified third-party code dependencies.
- [COMMAND_EXECUTION]: The skill's primary functionality is built upon executing shell commands via the orbit (aliased as ado) CLI. This grants the agent broad capability to interact with the local filesystem and network through the CLI tool.
- [DATA_EXFILTRATION]: The skill is designed to handle sensitive authentication data, specifically Azure DevOps Personal Access Tokens (PATs). It instructs users to store these credentials in ~/.config/orbit/config.yaml. While standard for CLI tools, the agent's ability to read this file and perform network operations creates a potential path for credential exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes content from external Azure DevOps work items and queries.
  - Ingestion points: Work item titles, descriptions, and query results retrieved via ado wi view, ado wi list, and ado query run (file: SKILL.md).
  - Boundary markers: None identified; the skill does not use delimiters or instructions to ignore embedded commands in the retrieved data.
  - Capability inventory: The skill can execute shell commands via the orbit CLI, including state changes and work item creation (file: SKILL.md).
  - Sanitization: No sanitization, escaping, or validation of the external content is performed before it is incorporated into the agent's context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata