implementing-passwordless-auth-with-microsoft-entra
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official Microsoft libraries (msal) and well-known Python packages (requests) to interact with the Microsoft Graph API.
- [CREDENTIALS_UNSAFE]: The PowerShell workflow in SKILL.md Step 4 generates and exports Temporary Access Passes (TAPs) to a plaintext CSV file (tap_assignments.csv). TAPs are time-limited secrets that grant access to user accounts; storing them in unencrypted files is a best-practice violation if the deployment environment lacks strict file access controls.
- [COMMAND_EXECUTION]: The provided scripts require high-privilege administrative access (e.g., Global Admin or Policy.ReadWrite.AuthenticationMethod) to modify organizational security policies and identity configurations.
- [DATA_EXFILTRATION]: The audit script scripts/agent.py accepts the Azure AD client secret as a command-line argument. This practice can expose sensitive credentials to other system users via process monitors or command history log files.
- [SAFE]: Analysis of data ingestion from the Microsoft Graph API and local CSV files shows that processed data is used only for reporting and policy configuration, with no evidence of execution-based injection vulnerabilities or malicious persistence.