m365-agent-evaluator
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- Standard Tool Execution: The skill executes the official @microsoft/m365-copilot-eval CLI via npx. This is a standard method for running scoped packages from the vendor and is used to perform the skill's primary evaluation functions.
- Sensitive Data Handling: The skill provides clear instructions on managing environment variables such as API keys and Tenant IDs. It recommends using local environment files (.env.local.user) and explicitly includes a .gitignore checklist to prevent accidental exposure of secrets in version control.
- Information Leakage Prevention: The skill includes specific "Guardrails" that instruct the agent never to print, commit, or summarize secret values or potentially sensitive agent responses unless the user explicitly confirms the data is safe to share.
- Local State Management: Commands that modify local state, such as clearing the cache or signing out of sessions, are accompanied by instructions to warn the user first, ensuring transparency and user control over the environment.
Audit Metadata