post-exploiting-microsoft-graph-with-graphrunner

Fail

Audited by Socket on Jun 25, 2026

2 alerts found:

SecurityMalware
SecurityMEDIUM
SKILL.md
MalwareHIGH
references/api-reference.md

Treat this package/module as high-risk. Even though the fragment contains no executable code, it explicitly documents a capability chain characteristic of identity compromise and data harvesting: authentication including externally imported tokens, broad tenant recon, mailbox/Teams/SharePoint/OneDrive searching and downloads, and persistence via OAuth app injection and inbox forwarding rule creation. A full review of the actual GraphRunner.ps1 implementation, provenance, and intended authorization/safety gating is required before any use.

Confidence: 46%Severity: 80%
Audit Metadata
Analyzed At
Jun 25, 2026, 06:50 PM
Package URL
pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fpost-exploiting-microsoft-graph-with-graphrunner%2F@d9f004bdf7173064a14e7d92c0fd41fad5d6bf622f2752541d87df7427bd5407
Security Audit — socket — post-exploiting-microsoft-graph-with-graphrunner