ms365-tenant-manager

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts scripts/powershell_generator.py and scripts/user_management.py generate PowerShell code by interpolating data from external CSV files directly into string templates without sanitization. In UserLifecycleManager.generate_user_creation_script, user-supplied fields like display_name and department are placed inside PowerShell string literals without escaping double quotes. An attacker could provide a crafted CSV file that uses quote-breaking sequences to inject and execute arbitrary PowerShell commands with the high privileges of a Global Administrator.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its CSV ingestion process.
      • Ingestion points: External CSV files containing user provisioning data are processed by scripts/user_management.py.
      • Boundary markers: Absent; the skill does not use delimiters to isolate untrusted data from the generated command logic.
      • Capability inventory: The skill generates scripts that perform sensitive operations including user creation, license assignment, and security policy modification via Microsoft Graph APIs.
      • Sanitization: Absent; no input validation or escaping is implemented to prevent malicious payloads in the CSV from influencing the generated script's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:12 AM