azure-devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and example scripts (e.g., scripts/ado-cli.sh, scripts/*.py) explicitly fetch and read user-generated content from Azure DevOps endpoints (dev.azure.com and almsearch.dev.azure.com) — including wiki pages, PR comments, code search results and build logs — which the agent is expected to interpret and can materially influence actions like triggering pipelines or updating work items.