Skills
skills/jpcaparas/skills/azure-devops-create-work-item/Gen Agent Trust Hub

azure-devops-create-work-item

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is a legitimate tool for creating Azure DevOps work item drafts. Analysis of the scripts and instructional content reveals no evidence of malicious behavior, data exfiltration, or security guideline bypasses.
  • [COMMAND_EXECUTION]: The verification script scripts/probe_create_work_item_packet.py executes the internal scripts/create_work_item_packet.py using subprocess.run to confirm the generator works as expected. This is a legitimate self-test mechanism and does not involve untrusted shell execution.
  • [EXTERNAL_DOWNLOADS]: The skill contains references to official Microsoft Learn documentation for Azure Boards work item primitives and workflows in SKILL.md, metadata.json, and scripts/create_work_item_packet.py. These are trusted resources used for guidance and do not involve downloading or executing external code.
  • [DATA_EXPOSURE]: The script scripts/create_work_item_packet.py has the capability to read a local file provided via the --context-file argument. This is used to populate the context sidecar in the generated packet and is a core part of the skill's intended local file management functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 01:04 PM
Security Audit — agent-trust-hub — azure-devops-create-work-item