pipeline-validator
Warn
Audited by Socket on Apr 26, 2026
1 alert found:
Security, MEDIUM: SKILL.md
SUSPICIOUS: The core Azure DevOps capabilities match the stated purpose and tool provenance is legitimate, but the skill is high-risk because it is explicitly autonomous and can repeatedly edit code, push commits, and retrigger pipelines based on untrusted CI log content with no per-action confirmation. Data flows stay mostly within official Microsoft/Git paths, so this looks more like an overpowered automation skill than credential theft or confirmed malware.
Confidence: 86%
Severity: 78%