msgraph-visio

SUSPICIOUS: the skill’s core workflow is coherent for SharePoint-hosted Visio generation, but it forwards Azure client secrets to an npx-installed third-party MCP package and can publish organization-scoped sharing links. This looks more like a high-trust integration than outright malware, but the credential handling and remote package execution create medium security risk.