Skills
skills/qwibitai/nanoclaw/add-teams/Gen Agent Trust Hub

add-teams

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the Teams adapter source code from a remote Git branch and installs the '@chat-adapter/teams' package via pnpm.
  • [COMMAND_EXECUTION]: Shell commands are used to modify the project's source code by appending imports and overwriting files with content from the git repository.
  • [PROMPT_INJECTION]: The skill enables an indirect prompt injection surface by allowing the agent to ingest untrusted data from Microsoft Teams messages.
  • Ingestion points: Microsoft Teams channel messages and direct messages via webhook.
  • Boundary markers: Not explicitly implemented in the provided configuration.
  • Capability inventory: The agent reads incoming messages and generates responses within the Teams platform.
  • Sanitization: No specific sanitization or filtering logic is mentioned for the incoming message payload.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 09:50 PM