skills/davekilleen/dex/ms-teams-setup/Gen Agent Trust Hub

ms-teams-setup

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y teams-mcp to download and execute an external package from the public NPM registry. The package's source code and origin are not verifiable from the skill content.
  • [COMMAND_EXECUTION]: The setup process executes shell commands via npx to initialize the Teams MCP server and modifies local configuration files (.mcp.json and System/integrations/config.yaml) to maintain the integration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests untrusted data from external sources for summarization without explicit safety boundaries.
      • Ingestion points: teams_list_chats(), teams_list_channels(), and teams_search_messages() defined in SKILL.md.
      • Boundary markers: Absent; no instructions are provided to the agent to ignore embedded commands in the fetched messages.
      • Capability inventory: Ability to execute shell commands via npx and perform file-system writes to configuration files, as specified in SKILL.md.
      • Sanitization: No evidence of input validation, filtering, or escaping before external data is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 20, 2026, 12:41 AM