Azure DevOps Reports
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is internally consistent with its stated purpose: it needs only Node and Python, uses an Azure DevOps PAT and organization name to produce read-only reports, and the code and instructions match that behavior.
This skill appears coherent and read-only, but take these precautions before installing:
1) Provide a least-privilege PAT (recommended scopes: vso.project and vso.work) and do not grant write or admin scopes.
2) Keep the .env file local and out of source control; the skill reads its credentials from that file.
3) The skill makes network requests to dev.azure.com and writes report files under the skill directory; verify which files it writes and where.
4) On HTTP errors the code prints the response body, so data returned by the API can end up in logs or terminal output. Do not use a PAT with broader access than the reports need, and rotate it if the same PAT is reused elsewhere.
5) Install only the declared Python dependency (xlsxwriter) and confirm that the node and python binaries on the host are trusted.
If you need higher assurance, review the small JS and Python files included (they contain the full behavior) or run the scripts in a constrained environment before granting access to sensitive org accounts.
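As an added example (not the skill's own code), the helper below shows what precautions 2 to 4 look like in a reporting script: it parses a .env file, builds the Basic authorization header that Azure DevOps expects for a PAT, accepts only https requests to dev.azure.com, turns an HTTP error into a log line that omits the response body, and checks that .gitignore covers the .env file. The .env contents, .gitignore contents and URL are constructed for the example; the variable names AZDO_ORG and AZDO_PAT are assumptions, not names the skill necessarily uses.

```python
# Added example: hardened handling of the PAT, the .env file and error output
# for an Azure DevOps read-only reporting script. This is not the skill's own
# code; the names AZDO_ORG and AZDO_PAT are assumptions for this example.
import base64
from urllib.parse import urlparse

ALLOWED_HOSTS = {"dev.azure.com"}        # precaution 3: the only host the skill should contact
REQUIRED_KEYS = ("AZDO_ORG", "AZDO_PAT")  # assumed .env keys


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines from .env contents, skipping blanks and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def load_credentials(env_text: str) -> tuple:
    """Return (org, pat) from .env contents; fail closed if either is missing."""
    env = parse_env(env_text)
    missing = [k for k in REQUIRED_KEYS if not env.get(k)]
    if missing:
        raise ValueError("missing required .env keys: " + ", ".join(missing))
    return env["AZDO_ORG"], env["AZDO_PAT"]


def auth_header(pat: str) -> dict:
    """Azure DevOps accepts a PAT as HTTP Basic auth with an empty user name."""
    token = base64.b64encode(f":{pat}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def is_allowed_url(url: str) -> bool:
    """Precaution 3: only https, and only the expected host."""
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def describe_http_error(status: int, body: str) -> str:
    """Precaution 4: report the status and the body size, never the body itself,
    so API responses (which may carry org data) do not land in logs."""
    return f"Azure DevOps request failed: HTTP {status} ({len(body)} bytes in body, not logged)"


def env_file_is_ignored(gitignore_text: str) -> bool:
    """Precaution 2: check that .gitignore contains a pattern covering .env."""
    patterns = {line.strip() for line in gitignore_text.splitlines()}
    return bool(patterns & {".env", "/.env", "*.env", "**/.env"})


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    sample_env = "# local only\nAZDO_ORG=contoso\nAZDO_PAT='abc'\n"
    org, pat = load_credentials(sample_env)
    url = f"https://dev.azure.com/{org}/_apis/projects?api-version=7.1"
    print(auth_header(pat), is_allowed_url(url))
    print(describe_http_error(401, '{"message": "..."}'))
    print(env_file_is_ignored("node_modules/\n.env\n"))
```

The request itself is left to whichever HTTP client the script uses; the point is that the PAT never appears in a URL or in log output, the destination host is pinned, and an error path logs only what is needed to debug it.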
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
