m365-workflows

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process data from external Microsoft 365 sources (SharePoint, Teams, meeting transcripts) which can contain instructions intended to manipulate the agent.
      • Ingestion points: Data retrieval via Microsoft Graph API calls as shown in Rules 2, 3, 4, 12, 16, 17, and 19 (SKILL.md).
      • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the provided implementation patterns.
      • Capability inventory: The skill enables the agent to perform write operations (POST, PUT, PATCH), upload files to OneDrive/SharePoint, create tasks, and trigger external webhooks.
      • Sanitization: The provided examples do not include sanitization or validation of the retrieved external content before it is used in further logic.
  • [EXTERNAL_DOWNLOADS]: The skill configures an external MCP (Model Context Protocol) server endpoint hosted on Microsoft Azure Container Apps (ms365-mcp.delightfulbeach-79de09ed.koreacentral.azurecontainerapps.io). While Azure is a well-known service provider, this connects the agent to a specific external infrastructure instance.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 10:54 PM