Trust Assessment
ado-resource-validator received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Direct handling of Azure DevOps Personal Access Token (PAT), Declared Bash permission with potential for command injection, Broad read/write access to `.env` file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct handling of Azure DevOps Personal Access Token (PAT) The skill explicitly reads the `AZURE_DEVOPS_PAT` from the `.env` file and uses it for authentication with the Azure DevOps API. While this is necessary for its functionality, the direct access and usage of a sensitive credential means that if the skill's logic were compromised or maliciously modified, the PAT could be harvested and exfiltrated. The skill also describes updating the `.env` file, which could potentially be manipulated to alter or expose the PAT. Implement secure credential management practices. For production environments, consider using a dedicated secret management service instead of storing PATs directly in `.env` files. Ensure robust input validation for any user-provided values that might influence how the PAT is used or stored. | LLM | SKILL.md:198 | |
| HIGH | Declared Bash permission with potential for command injection The skill declares `Bash` permission and explicitly describes executing shell commands, such as `npx tsx ...`. While the provided example is hardcoded, the capability to execute arbitrary shell commands is present. If any part of the skill's internal logic constructs shell commands using untrusted input (e.g., project names, organization names, or other variables read from `.env` or interactive user prompts) without proper sanitization and escaping, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Review all instances where `Bash` commands are constructed and executed. Ensure that all user-controlled inputs, including those sourced from `.env` files or interactive prompts, are rigorously sanitized and properly escaped before being incorporated into shell commands. If `tsx` is used to execute skill code, ensure the skill code itself is thoroughly secured against injection vulnerabilities. | LLM | SKILL.md:250 | |
| MEDIUM | Broad read/write access to `.env` file The skill's `updateEnv` function demonstrates the ability to read the entire `.env` file content and write back modified content using string replacement. While intended for updating specific Azure DevOps related variables, this broad access means that any sensitive information stored in the `.env` file (beyond just the `AZURE_DEVOPS_PAT`) is accessible to the skill. If the skill were compromised or misused, this mechanism could be exploited to exfiltrate other sensitive environment variables or inject malicious configurations. Implement stricter validation on the `key` and `value` parameters passed to `updateEnv`. Consider using a more secure and granular `.env` management approach that parses the file into a structured object, modifies specific keys, and then serializes it back, rather than performing regex-based string replacement on the raw file content. This reduces the risk of unintended modifications or exposure of unrelated sensitive variables. Limit the scope of `.env` access to only the variables strictly necessary for the skill's operation. | LLM | SKILL.md:227 |
Scan History
Embed Code
[](https://skillshield.io/report/cbf5127be6b7aa6e)
Powered by SkillShield