coder-ado

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes untrusted data from Azure DevOps work items and documentation to perform sensitive actions like code writing and Git commits. However, this risk is inherent to its primary purpose and mitigated by explicit confirmation steps.
  • Ingestion points: Reads content from Azure DevOps work item descriptions, comments, and project documentation (e.g., \docs\agents\issue-tracker.md).
  • Boundary markers: No specific boundary markers or "ignore embedded instructions" warnings are defined in the process.
  • Capability inventory: Performs code implementation (file writes), Git operations (branching, committing), and updates Azure DevOps metadata.
  • Sanitization: No specific sanitization or validation of the ingested content is described.
  • [COMMAND_EXECUTION]: The skill executes Git commands for branching and committing work. These commands are scoped to a feature branch workflow and depend on the user providing a confirmed organization and project, limiting the risk of unauthorized execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 08:22 PM
Security Audit — agent-trust-hub — coder-ado