Skills
skills/claude-office-skills/skills-hub/Microsoft Teams Automation/Gen Agent Trust Hub

Microsoft Teams Automation

Pass

Audited by Gen Agent Trust Hub on Jun 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill uses legitimate Microsoft Graph and webhook patterns for automation tasks.\n- [PROMPT_INJECTION]: The skill utilizes template interpolation (e.g., {{user}}, {{branch}}, {{id}}) to construct messages and trigger workflow actions. This creates an indirect prompt injection surface where data from external systems (like CI/CD logs or user-provided IDs) could influence the agent's behavior.\n
  • Ingestion points: Input variables in pipeline_notifications and approval_flow sections of SKILL.md.\n
  • Boundary markers: None present in the example templates to delimit untrusted content.\n
  • Capability inventory: Includes tools for sending messages (teams_message), triggering webhooks (teams_webhook), and creating issues in external systems (create_jira_issue).\n
  • Sanitization: No explicit validation or escaping logic is described in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 3, 2026, 02:52 PM
Security Audit — agent-trust-hub — Microsoft Teams Automation