Skills
skills/heyitsaamir/teamscli/teams-dev/Gen Agent Trust Hub

teams-dev

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install a global CLI tool using a remote binary package from the author's GitHub repository releases (npm install -g https://github.com/heyitsaamir/teamscli/releases/latest/download/teamscli.tgz). It also includes a teams self-update command that performs unverified remote updates of the CLI tool.
  • [EXTERNAL_DOWNLOADS]: Fetches software components from the author's GitHub repository and references external services such as Microsoft devtunnels and ngrok for exposing local endpoints to the internet.
  • [COMMAND_EXECUTION]: Relies heavily on shell command execution for project scaffolding (teams project new), app registration (teams app create), and Azure resource configuration using the az CLI.
  • [PROMPT_INJECTION]: The skill scaffolds bot projects using templates (e.g., ai, graph, mcp) which may contain instructions that could influence agent behavior during code generation or deployment.
  • Ingestion points: Project templates processed via the teams project new command in references/guide-create-bot-app.md.
  • Boundary markers: Absent; no explicit delimiters are provided to isolate template content from agent instructions.
  • Capability inventory: The skill has capabilities for file system writes, subprocess execution (npm, pip, dotnet), and network access via the Teams and Azure CLIs.
  • Sanitization: Absent; there is no evidence of validation or sanitization applied to template content before it is written to the user's disk.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 03:09 AM