microsoft-graph-gateway

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/Install-MsGraphRunner.ps1 downloads an executable ZIP archive from an external GitHub repository at https://github.com/merill/msgraph/releases/latest/download/msgraph.zip.
  • [REMOTE_CODE_EXECUTION]: The skill extracts the downloaded archive and executes the contained scripts (run.ps1 or run.sh) using the PowerShell call operator within scripts/Invoke-GraphGateway.ps1 and scripts/Get-GraphGatewayRunnerStatus.ps1.
  • [COMMAND_EXECUTION]: scripts/Invoke-GraphGateway.ps1 constructs and executes commands that interact with the Microsoft Graph API. The command paths and arguments can be influenced by environment variables or script parameters, allowing for the execution of arbitrary API requests.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of user-provided instructions and JSON request files.
      • Ingestion points: User task descriptions and request files processed in scripts/Invoke-GraphGateway.ps1.
      • Boundary markers: The skill documentation and procedures include a manual confirmation step, but no programmatic delimiters or safety markers are used in the data ingestion flow.
      • Capability inventory: The skill has the ability to read from and write to sensitive Microsoft 365 resources (mail, calendar, OneDrive) via the Graph API.
      • Sanitization: Relies on manual user review of the confirmation summary generated by scripts/New-GraphWriteConfirmation.ps1 before executing write operations; no automated sanitization of ingested content is performed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 20, 2026, 06:41 PM
Security Audit — agent-trust-hub — microsoft-graph-gateway