If you discover a security vulnerability in this project, please report it responsibly.

Do not open a public issue.

Instead, use GitHub's private vulnerability reporting to submit a report. I'll acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days.

This project contains GitHub Copilot CLI extensions that interact with Azure DevOps APIs via the Azure CLI. Security concerns might include:

• Credential or token exposure in extension code
• Unsafe handling of API responses
• Path traversal or injection in shell command parsing

Only the latest version on main is supported.