skills/mukul975/anthropic-cybersecurity-skills/post-exploiting-microsoft-graph-with-graphrunner/Socket
post-exploiting-microsoft-graph-with-graphrunner
Fail
Audited by Socket on Jun 25, 2026
2 alerts found:
SecurityMalwareSecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Malwarereferences/api-reference.md
HIGHMalwareHIGH
references/api-reference.md
Treat this package/module as high-risk. Even though the fragment contains no executable code, it explicitly documents a capability chain characteristic of identity compromise and data harvesting: authentication including externally imported tokens, broad tenant recon, mailbox/Teams/SharePoint/OneDrive searching and downloads, and persistence via OAuth app injection and inbox forwarding rule creation. A full review of the actual GraphRunner.ps1 implementation, provenance, and intended authorization/safety gating is required before any use.
Confidence: 46%Severity: 80%
Audit Metadata