azure-devops
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate administrative toolkit for Azure DevOps. It follows best practices by using environment variables for Personal Access Tokens (PATs) and targets official Azure DevOps domains (dev.azure.com) for all operations.
- [COMMAND_EXECUTION]: Provides utility scripts in Bash and Python that use standard tools like curl and the requests library to communicate with official Azure DevOps API endpoints.
- [EXTERNAL_DOWNLOADS]: Dependencies are limited to well-known libraries such as the Python requests package and standard system utilities like jq and curl.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Azure DevOps (e.g., work item descriptions, wiki pages, pull request threads) which represents a theoretical surface for indirect prompt injection. However, this risk is inherent to the skill's primary purpose and is typically managed by the AI platform's underlying safety guardrails. Ingestion points are localized to retrieval tools, while capabilities are restricted to the Azure DevOps environment.
Audit Metadata