m365-agents-ts
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches official Microsoft 365 Agents SDK packages (such as
@microsoft/agents-hosting) and the Vercel AI SDK from the npm registry. - [PROMPT_INJECTION]: The skill documents the handling of user-supplied data, which creates a theoretical surface for indirect prompt injection.
- Ingestion points: Message text is processed through
agent.onMessagehandlers inSKILL.md. - Boundary markers: The provided code snippets do not demonstrate the use of specific boundary delimiters or safety instructions for user content.
- Capability inventory: The skill demonstrates capabilities for network communication and integration with external LLM services (Azure OpenAI).
- Sanitization: No explicit input validation or sanitization logic is included in the educational code samples.
- [SAFE]: No malicious code, obfuscation, or safety violations were detected. The skill follows secure configuration patterns and uses verified, well-known libraries from trusted organizations.
Audit Metadata