Enable shell tasks arguments validation.

Why This Matters

Shell tasks in Azure DevOps pipelines can execute arbitrary command-line operations. Without arguments validation, malicious or malformed inputs could be passed to these tasks, leading to unintended script execution, data exposure, or privilege escalation. Enabling validation ensures that only expected argument patterns are processed, reducing the risk of injection attacks.

What Aether365 Checks

Aether365 verifies whether shell task arguments validation is enabled for your Azure DevOps organization. This check appears in the Aether365 dashboard under the microsoft-365 security category.

How to Fix

To enable shell tasks arguments validation in Azure DevOps: