azure-devops
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: All network requests are directed to official Microsoft and Azure DevOps API endpoints. The skill includes a hostname verification check for file downloads in
attachments.py, ensuring that sensitive authorization headers are only sent to trusted servers (*.dev.azure.comor*.visualstudio.com). - [INDIRECT_PROMPT_INJECTION]: The skill serves as a surface for indirect prompt injection as it retrieves data from Azure DevOps that may be controlled by other users.
- Ingestion points: Fetches content from work items, wiki pages, and pull request threads via various scripts.
- Boundary markers: None are applied to the tool's output; data is provided in raw JSON format to the agent.
- Capability inventory: The skill possesses extensive project management capabilities, including the ability to run pipelines, merge pull requests, and modify work items.
- Sanitization: The tool returns raw data from the Azure DevOps REST API without performing content filtering or sanitization.
- [SAFE]: The skill demonstrates secure coding practices, such as storing authentication tokens in the system keyring service and avoiding any use of dynamic code execution, unauthorized persistence, or command-line injection vulnerabilities.
Audit Metadata