azure-devops

Audit result: Fail

Audited by Snyk on Jun 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains example commands that pass secrets verbatim (e.g., --pat YOUR_PAT and --value "secret123") and thus requires the agent to handle/output raw credential values directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill's runtime LLM context can include free text written by outsiders, because it fetches Azure DevOps work item, wiki and PR comment content (e.g., scripts/wiki.py get-page-content, scripts/work_items.py get, scripts/repos.py list-threads) via api_client.api_request, which decodes non-binary HTTP responses into readable JSON/text fields that the agent may then pass into the LLM.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  Risk Level: HIGH
  Analyzed: Jun 22, 2026, 01:47 PM
  Issues: 2
Security Audit — snyk — azure-devops