msgraph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Direct Microsoft Graph API Execution" section and graph-call examples (e.g., GET /me/messages, GET /users, POST /me/sendMail) show the skill can make network requests to graph.microsoft.com and ingest user-generated tenant data (emails, messages, files) that the agent is expected to read/interpret and that could materially influence subsequent actions.