performing-oauth-scope-minimization-review

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to official Microsoft endpoints including graph.microsoft.com and login.microsoftonline.com. These operations are used for authenticating via client credentials and accessing the Microsoft Graph API to retrieve directory information.
  • [COMMAND_EXECUTION]: The provided agent.py script and SKILL.md code snippets execute administrative operations against the Microsoft Graph API. This includes enumerating service principals and modifying or deleting OAuth2 permission grants as part of the remediation workflow.
  • [DATA_EXFILTRATION]: The skill accesses sensitive organizational metadata (application registrations, user consent grants, and sign-in logs) from the Microsoft Graph API. This data is collected to generate security reports and is not sent to any non-whitelisted or unauthorized external domains.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the external Microsoft Graph API, such as application display names and scope descriptions. While this provides a theoretical surface for indirect prompt injection, the impact is minimized by the administrative context of the tool.
    • Ingestion points: API responses from https://graph.microsoft.com/v1.0/servicePrincipals and https://graph.microsoft.com/v1.0/oauth2PermissionGrants in scripts/agent.py and SKILL.md.
    • Boundary markers: None identified in the provided code snippets.
    • Capability inventory: Full CRUD capabilities on OAuth2 permission grants via requests.get, requests.patch, and requests.delete.
    • Sanitization: None identified; data is processed as raw strings for reporting.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:49 PM