ado-gateway
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill interacts with Azure DevOps APIs using an authentication token (AZURE_DEVOPS_PAT). All network communications are restricted to official Microsoft domains (dev.azure.com and vssps.dev.azure.com), which are well-known and trusted services.
- [DATA_EXPOSURE]: Implements proactive redaction logic to prevent the accidental exposure of sensitive credentials. Scripts like normalize-work-item.sh, fetch-pr-comments.sh, and write-guard.sh use regular expressions to identify and mask Bearer tokens and Azure DevOps PATs in both API request bodies and responses.
- [COMMAND_EXECUTION]: Utilizes local bash and Python scripts for data processing and API interaction. These scripts use safe patterns, such as jq --arg for passing user input to JSON processors and mktemp for temporary file management, reducing the risk of command injection.
- [EXTERNAL_DOWNLOADS]: Fetches configuration and data from trusted Azure DevOps environments. No execution of untrusted remote code was detected.
- [INDIRECT_PROMPT_INJECTION]: As the skill ingests external data from Azure DevOps (such as PR comments or work item descriptions), it inherently possesses an attack surface for indirect prompt injection. However, this risk is mitigated by the skill's architecture, which uses structured JSON contracts, strips HTML formatting, and enforces a mandatory human-in-the-loop confirmation step (--confirm) for any state-changing operations.
Audit Metadata