teams-bot-infra

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract and display CLIENT_ID, CLIENT_SECRET, and TENANT_ID verbatim from the CLI JSON output, forcing the LLM to output secret values directly and creating a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most URLs are official Microsoft/ngrok documentation or harmless placeholders, but the direct npm install pointing to a GitHub release tarball from an individual/unknown account (https://github.com/heyitsaamir/teamscli/releases/latest/download/teamscli.tgz) is potentially high risk because installing a remote .tgz globally can run arbitrary install scripts and unknown GitHub releases are a common malware distribution vector.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the Teams CLI from the remote package URL https://github.com/heyitsaamir/teamscli/releases/latest/download/teamscli.tgz (via npm install -g), which fetches and installs executable remote code that the skill then executes for its operations.