skills/ntaksh42/agents/ado-operation/Gen Agent Trust Hub

ado-operation

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill primarily functions by executing Azure CLI commands through the Bash tool to perform operations on Azure DevOps resources.
  • [PROMPT_INJECTION]: The skill exhibits surface area for Indirect Prompt Injection (Category 8) due to its interaction with untrusted external data.
      * Ingestion points: Untrusted data enters the agent context via commands like az boards work-item show, az repos pr show, and az pipelines build logs.
      * Boundary markers: There are no explicit markers or instructions to ignore embedded commands within the retrieved text.
      * Capability inventory: The agent has access to powerful tools including Bash, Write, and WebFetch, which could be leveraged if the agent obeys instructions found in external data.
      * Sanitization: The skill does not implement any validation or sanitization of the content retrieved from Azure DevOps before processing.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions the optional installation and execution of the @azure-devops/mcp package using npx, which retrieves code from the public npm registry.
  • [DATA_EXFILTRATION]: The skill uses curl to interact with Azure DevOps APIs at dev.azure.com (a well-known service) and handles Personal Access Tokens (PATs) for authentication, following security best practices by recommending environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 07:26 PM